Almost two weeks ago I ran into some issues with my apache web server configuration running PHP under mod_fcgid. These issues started with an unexpected
403 Forbidden error, caused by a
(13) Permission Denied error on my
.htaccess file, and finally resulted in (due to my misconfiguration of PHP) a
No input file specified error.
Since it caused me a great deal of headache, and took me a while to figure out, I thought I'd share with you my debugging process. Keep in mind, I'm a software developer, not an Apache sysadmin wizard. So you httpd wizards out there, feel free to correct me where I'm missing the obvious.
I'm running a MediaTemple (dv) 3.0 virtual server under Plesk. My problems started shortly after that with arbitrary
403 Forbidden responses to URLs I know should have worked. In fact, retrying the URL showed that it did work. As you'll see, the "sometimes works" part didn't last long.
The first step to solving a problem like this, or anything else, is to check logs. The Apache error log is the right log to start with. For me (MediaTemple (dv) 3.0 / Plesk) this was in the
/var/www/vhosts/yourdomain.com/statistics/logs directory. Apart from the usual noise in log files I did see a pretty conspicuous line:
.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
This was pretty alarming because I had no .htaccess file in the particular directory indicated (the "[snip]" part). So I dug around on the internet for a while and found pretty much nothing of help about this problem. Keep in mind that everything was running just fine until this point. So I tried turning off AllowOverride in my global httpd.conf file (actually it goes in my vhost.conf file which Plesk includes for my virtual domain). I restarted Apache (
service httpd restart) and much to my dismay, I started getting
403 Prohibited on every request. Yikes!
After finally digging through the MediaTemple knowledge base I found this little tidbit:
[...]permissions (755 or chmod o+x) on a directory created for alternate and subdomains is sufficient to serve web content. Anything else will prohibit Apache from entering the directory and showing your content to visitors.
So I did a
stat on my http documents directory and I see:
chmod o+x command later and my .html files are once again servable. Not sure what changed to cause the problem, but now everything was looking good and I was just about to close the issue as resolved.
Which brings me to the last problem I was getting on my PHP files:
No input file specified. This started another round of fruitless internet searches. The bottom line is that this meant that PHP couldn't execute the file. Well, another
stat command on the file in question showed:
Access: (0660/-rw-rw----) Uid: (1000/ someuser) Gid: ( 2000/ somegroup)
but more importantly neither the owner nor group for the file was associated with the suexec user that was being used for mod_fcgid. A quick
chown -R suexecuser:suexecgroup command later on the folder holding my http files (
-R makes it recursive) and my PHP file was working like a charm. Just make sure you replace
suexecgroup with your actual suexec user and group (this is specified in my
So in the end, to solve my "(13) Permission Denied" / "403 Unauthorized" / ".htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable" / "No input file specified" errors I had to:
- Check the Apache error_log file
- Check the MediaTemple knowledge base
- Use the
ls) command to check file permissions and ownership
- Use the
chmod o+xcommand to make sure Apache can descend into any directory holding files you want served
- Use the
chown -R suexecuser:suexecgroupcommand to make sure Apache can access and execute your code