Applicable to:
- Plesk for Linux
Symptoms
-
While trying to browse a website, the error
403 Forbiddenappears:CONFIG_TEXT: You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. -
The domain's error log
/var/www/system/example.com/logs/error_logcontains the following:CONFIG_TEXT: (13)Permission denied: /var/www/vhosts/example.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://example.com/
(13)Permission denied: [client 203.0.113.2:39024] AH00529: /var/www/vhosts/example.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/example.com/httpdocs/' is executable
Cause
Apache service does not have proper permissions to
vhost
or
httpdocs
folder.
Resolution
-
At first, try to repair permissions for the site.
For Plesk Onyx 17.8.-
Connect to the server via SSH
-
Execute the following command (replacing example.com with the domain name):
# plesk repair fs example.com
For Plesk Onyx 17.5 and lower:-
Connect to the server via SSH
-
Execute the following command (replace example.com in the command below with the domain name:
# INFO=($(MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -uadmin psa -sN -e'SELECT h.www_root,s.login FROM domains d, hosting h, sys_users s WHERE s.id=h.sys_user_id AND h.dom_id=d.id AND d.name="example.com"')); chown -R ${INFO[1]}:psacln ${INFO[0]}; chown ${INFO[1]}:psaserv ${INFO[0]}
-
-
In case the issue will persist, check whether or not the site is compatible with PHP handler.
Click here to reveal additional information regarding this pointIn Plesk interface, navigate to Domains > example.com > PHP Settings and try to switch handlers (by FastCGI or to PHP-FPM) to a different one:
-
There is also a chance that the issue is a global one and affect all the websites. In that case, it is required to check Apache user permissions.
For Debian:-
Find the username that is used by the Apache service. This username is defined in the
APACHE_RUN_USERvariable in/etc/apache2/envvars:# grep APACHE_RUN_USER /etc/apache2/envvars
export APACHE_RUN_USER=www-data -
Add that user to the
psaservgroup. For example, if the Apache user iswww-data, you would add the user in thepsaservgroup as below:# usermod -a -G psaserv www-data
-
Restart web server
# service apache2 restart
For CentOS:- Add the
apacheuser to thepsaservgroup:
# usermod -a -G psaserv apache
-
Restart web server
# service httpd restart
-
Note: If the server is running on Proxmox VE, this configuration not going to work as expected. Please contact Proxmox support for further assistance.
Note: It also worth checking selinux in case of CentOS. Set it to permissive with setenforce 0 command to check it.
Comments
4 comments
HI!
just want to say, its not always the user.
sometimes its the group.
somehow it changed to psacln.
somehow example: client deleted the httpdocs folder and then recreated it.
so, solution is chown ftpuser:psaserv httpdocs in this situations
Hi @lev k , yes, that's correct, however article describes specific case when user is not in psaserv group
I am getting the same errors described in this article, but it does not look to be permissions.
After a service restart of Apache I can run the command:
lsof -c httpd | grep "apache-shm" | wc -l
And the count will be in the 20's or so.
As the day(s) go on that number will grow and grow up into the tens of thousands and eventually bomb websites on the Plesk server with a 403 error and the errors mentioned in the log files in this article.
Once it bombs out, the apache-shm count will go back down, sites will return to normal, but it will start to slowly climb back up.
Have had a support call/remote session with Plesk support, but have not had any luck finding a fix.
CentOS Linux release 7.5.1804
Plesk Onyx Version 17.5.3 Update #54
Hello @Brian,
As the issue is complex I suggest creating a follow-up ticket to Plesk support and double-check the issue.
Please sign in to leave a comment.