(13) Permission Denied

Error 13 indicates a filesystem permissions problem. That is, Apache was denied access to a file or directory due to incorrect permissions. It does not, in general, imply a problem in the Apache configuration files.

In order to serve files, Apache must have the proper permission granted by the operating system to access those files. In particular, the User or Group specified in httpd.conf must be able to read all files that will be served and search the directory containing those files, along with all parent directories up to the root of the filesystem.

Typical permissions on a unix-like system for resources not owned by the User or Group specified in httpd.conf would be 644 -rw-r--r-- for ordinary files and 755 drwxr-x-r-x for directories or CGI scripts. You may also need to check extended permissions (such as SELinux permissions) on operating systems that support them.

If you are running 2.4, the AH error code may give you more information here.

• AH00132: file permissions deny server access

• AH00035: access denied because search permissions are missing on a component of the path

An Example

Lets say that you received the Permission Denied error when accessing the file /usr/local/apache2/htdocs/foo/bar.html on a unix-like system.

First check the existing permissions on the file:

cd /usr/local/apache2/htdocs/foo
ls -l bar.htm

Fix them if necessary:

chmod 644 bar.html

Then do the same for the directory and each parent directory (/usr/local/apache2/htdocs/foo, /usr/local/apache2/htdocs, /usr/local/apache2, /usr/local, /usr):

ls -la
chmod +x .
cd ..
# repeat up to the root

On some systems, the utility namei can be used to help find permissions problems by listing the permissions along each component of the path:

namei -m /usr/local/apache2/htdocs/foo/bar.html

If your system doesn't have namei, you can use parsepath. It can be obtained from here.

If all the standard permissions are correct and you still get a Permission Denied error, you should check for extended-permissions. For example you can use the command setenforce 0 to turn off SELinux and check to see if the problem goes away. If so, ls -alZ can be used to view SELinux permission and chcon to fix them.

In rare cases, this can be caused by other issues, such as a file permissions problem elsewhere in your apache2.conf file. For example, a WSGIScriptAlias directive not mapping to an actual file. The error message may not be accurate about which file was unreadable.

DO NOT set files or directories to mode 777, even "just to test", even if "it's just a test server". The purpose of a test server is to get things right in a safe environment, not to get away with doing it wrong. All it will tell you is if the problem is with files that actually exist.

CGI scripts

Although the CGI script permission might look correct, the actual binary specified in the shebang might not have the proper permissions to be run. (Or some directory on its path, check with namei as explained above.)

(13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed

This error is not really about file permissions or anything like that. What it actually means is that httpd has been denied permission to connect to that IP address and port.

The most common cause of this is SELinux not permitting httpd to make network connections.

To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also want to restart httpd to reset the proxy worker, although this isn't strictly required.

# setsebool -P httpd_can_network_connect 1

For more information on how SELinux can affect httpd, read the httpd_selinux man page.

source - https://wiki.apache.org/httpd/13PermissionDenied

* documentRoot 디렉토리 및 파일 퍼미션 설정

   - 디렉토리일 경우 상위 디렉토리까지 동일하게 설정

# find ./documentRoot -type d -exec chmod 0755 {} \;

# find ./documentRoot -type f -exec chmod 0644 {} \;

How can I add a user to a group under Linux operating system using command line options? How to add an existing user into a group in Linux using command line options?

You can use the useradd or usermod commands to add a user to a group. The useradd command creates a new user or update default new user information. The usermod command modifies a user account and it is useful to add user to existing groups. There are two types of groups under Linux operating systems:

1. Primary user group.
2. Secondary or supplementary user group.

All user account related information are stored in the following files:

1. /etc/passwd - Contains one line for each user account.
2. /etc/shadow - Contains the password information in encrypted formatfor the system's accounts and optional account aging information.
3. /etc/group - Defines the groups on the system.
4. /etc/default/useradd - This file contains a value for the default group, if none is specified by the useradd command.
5. /etc/login.defs - This file defines the site-specific configuration for the shadow password suite stored in /etc/shadow file.

useradd Example - Add a new user to secondary group

You need to the useradd command to add new users to existing group (or create a new group and then add user). If group does not exist, create it. The syntax is as follows:
useradd -G {group-name} username
In this example, create a new user called vivek and add it to group called developers. First login as a root user (make sure group developers exists), enter:
# grep developers /etc/group
Output:

developers:x:1124:

If you do not see any output then you need to add group developers using the groupadd command:
# groupadd developers
Next, add a user called vivek to group developers:
# useradd -G developers vivek
Setup password for user vivek:
# passwd vivek
Ensure that user added properly to group developers:
# id vivekOutput:

uid=1122(vivek) gid=1125(vivek) groups=1125(vivek),1124(developers)

Please note that capital G (-G) option add user to a list of supplementary groups. Each group is separated from the next by a comma, with no intervening whitespace. For example, add user jerry to groups admins, ftp, www, and developers, enter:
# useradd -G admins,ftp,www,developers jerry

useradd example - Add a new user to primary group

To add a user tony to group developers use the following command:
# useradd -g developers tony
# id tony
Sample outputs:

uid=1123(tony) gid=1124(developers) groups=1124(developers)

Please note that small g (-g) option add user to initial login group (primary group). The group name must exist. A group number must refer to an already existing group.

usermod example - Add a existing user to existing group

Add existing user tony to ftp supplementary/secondary group with the usermod command using the-a option ~ i.e. add the user to the supplemental group(s). Use only with -G option:
# usermod -a -G ftp tony
In this example, change tony user's primary group to www, enter:
# usermod -g www tony

usermod command options summary

A note about security

If you add or delete user to existing group, you must change the owner of any crontab files or at jobs manually. You must make any changes involving NIS on the NIS server too.

A note about GUI tool

You will probably find the use of the GUI tool easy. KDE user can use KUser tool and the GNOME user can use users-admin tool called system-config-users:
# system-config-users
Sample outputs:

Fig.01: User Manager Tool in action (image credit Fedora project)

See also

For more information type the following command at the shell prompt:
$ man usermod
$ man useradd

source - http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/

Add a User to a Group (or Second Group) on Linux

source - http://www.howtogeek.com/50787/add-a-user-to-a-group-or-second-group-on-linux/

Remove Linux User From a Secondary Group ( Supplementary Groups )

Q. User tom is a member of a group called sales and printer. I'd like to remove tom from a group called printer without editing any user configuration text files stored at /etc/ directory?

A. /etc/groups file defines group membership for each user. usermod command has -G option to set a list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. If the user is currently a member of a group which is not listed, the user will be removed from the group.

Step # 1: Find out user group identity

Use id command:
# id -nG {user-name}
# id -nG tom
Output:

sales printer

Step # 2: Remove user from printer group

Use the following syntax:
# usermod -G {groupname1,groupname2,...} {username}
To keep membership for sales only group (remove user tom from printer group), enter:
# usermod -G sales tom
# id -nG tom
Output:

sales

The following example remove user vivek from all groups except admin, audio, video and powerdev group:
# id -nG vivek
Output:

vivek adm dialout cdrom floppy audio dip video plugdev scanner netdev lpadmin powerdev admin

Modify group membership, enter:
# usermod -G admin, audio, video, powerdev vivek
# id -nG tom
Sample output:

vivek audio video powerdev admin

For more information, read usermod(8) command man page:
$ man usermod

source - http://www.cyberciti.biz/faq/howto-linux-remove-user-from-group/

1. install and new software
2. Add site - Zend Debugger
3. Location - http://downloads.zend.com/pdt