Almost two weeks ago I ran into some issues with my apache web server configuration running PHP under mod_fcgid. These issues started with an unexpected 403 Forbidden
error, caused by a (13) Permission Denied
error on my .htaccess
file, and finally resulted in (due to my misconfiguration of PHP) a No input file specified
error.
Since it caused me a great deal of headache, and took me a while to figure out, I thought I'd share with you my debugging process. Keep in mind, I'm a software developer, not an Apache sysadmin wizard. So you httpd wizards out there, feel free to correct me where I'm missing the obvious.
I'm running a MediaTemple (dv) 3.0 virtual server under Plesk. My problems started shortly after that with arbitrary 403 Forbidden
responses to URLs I know should have worked. In fact, retrying the URL showed that it did work. As you'll see, the "sometimes works" part didn't last long.
The first step to solving a problem like this, or anything else, is to check logs. The Apache error log is the right log to start with. For me (MediaTemple (dv) 3.0 / Plesk) this was in the /var/www/vhosts/yourdomain.com/statistics/logs
directory. Apart from the usual noise in log files I did see a pretty conspicuous line:
(13)Permission denied:
[snip] .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
This was pretty alarming because I had no .htaccess file in the particular directory indicated (the "[snip]" part). So I dug around on the internet for a while and found pretty much nothing of help about this problem. Keep in mind that everything was running just fine until this point. So I tried turning off AllowOverride in my global httpd.conf file (actually it goes in my vhost.conf file which Plesk includes for my virtual domain). I restarted Apache (service httpd restart
) and much to my dismay, I started getting 403 Prohibited
on every request. Yikes!
After finally digging through the MediaTemple knowledge base I found this little tidbit:
[...]permissions (755 or chmod o+x) on a directory created for alternate and subdomains is sufficient to serve web content. Anything else will prohibit Apache from entering the directory and showing your content to visitors.
So I did a stat
on my http documents directory and I see:
Access: (0644/drw-r--r--)
One chmod o+x
command later and my .html files are once again servable. Not sure what changed to cause the problem, but now everything was looking good and I was just about to close the issue as resolved.
Which brings me to the last problem I was getting on my PHP files: No input file specified
. This started another round of fruitless internet searches. The bottom line is that this meant that PHP couldn't execute the file. Well, another stat
command on the file in question showed:
Access: (0660/-rw-rw----) Uid: (1000/ someuser) Gid: ( 2000/ somegroup)
but more importantly neither the owner nor group for the file was associated with the suexec user that was being used for mod_fcgid. A quick chown -R suexecuser:suexecgroup
command later on the folder holding my http files (-R
makes it recursive) and my PHP file was working like a charm. Just make sure you replace suexecuser
and suexecgroup
with your actual suexec user and group (this is specified in my /var/www/vhosts/yourdomain.com/conf/vhost.conf
file).
So in the end, to solve my "(13) Permission Denied" / "403 Unauthorized" / ".htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable" / "No input file specified" errors I had to:
- Check the Apache error_log file
- Check the MediaTemple knowledge base
- Use the
stat
(or ls
) command to check file permissions and ownership
- Use the
chmod o+x
command to make sure Apache can descend into any directory holding files you want served
- Use the
chown -R suexecuser:suexecgroup
command to make sure Apache can access and execute your code