1

after fresh install of phpMyAdmin on CentOS 8 Stream I've got problem with "Access Denied".

There isn't more than only simple text.

Console of browser says:

Failed to load resource: the server responded with a status of 403 (Forbidden)

The /var/log/httpd/error_log :

[Mon Apr 04 15:08:21.674947 2022] [proxy_fcgi:error] [pid XXX] [client XXX] AH01071: Got error 'Unable to open primary script: /var/www/html/phpmyadmin/index.php (Permission denied)'

I've installed it at /var/www/html/phpmyadmin. Nothing special has done.

Configured phpmyadmin.conf at /etc/httpd/conf.d like:

    Alias /phpmyadmin /var/www/html/phpmyadmin

<Directory /var/www/html/phpmyadmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
      Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /var/www/html/phpmyadmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require all granted
     </RequireAny>

   </IfModule>

   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>

</Directory>

Also granted to apache:

[root@machine html]$ ll -a
total 4
drwxrwxrwx.  3 root   root     24 Aug  3  2021 .
drwxr-xr-x.  5 root   root     63 Feb  1 11:53 ..
drwxr-xr-x. 13 apache apache 4096 Mar  3  2022 phpmyadmin

I haven't done nothing more. Does someone has an idea?

kalview
  • 11
  • 2
  • So, what *are* the permissions of /var/www/html/phpmyadmin/index.php? and: did you make sure that SELinux allows HTTPd script execution from that point? – Marcus Müller Apr 04 '22 at 13:26
  • `-rwxrwxrwx. 1 apache apache 20259 Jan 7 2020 index.php` it's the permissions. What do you mean about the SELinux allowing the script execution? – kalview Apr 04 '22 at 13:30
  • If I was your web server, I would reject that. It's far too permissive; making PHP scripts writable by the same user that executes them is a recipe for security issues. SELinux: probably something you want to have basic working knowledge of if you're deploying PHP to a modern Linux webserver you administrate yourself. Your phpmyadmin needs to have the right SELinux security label to allow execution of the PHP code. – Marcus Müller Apr 04 '22 at 13:34
  • 1
    I've changed the permissions, but I don't know how to gave SELinux allowance to execute the PHP code :/ – kalview Apr 04 '22 at 13:39
  • 1
    Worth looking at: [Stop installing phpMyAdmin](https://www.getpagespeed.com/server-setup/security/stop-installing-phpmyadmin). – Danila Vershinin Apr 04 '22 at 15:54
  • @kalview, I agree, you should look at Danila's comment. As for SELinux, the easiest way to see what's happening on that front is to look at logs: `journalctl -xe` -- scroll up as needed. You'll likely see an issue in which phpMyAdmin pages are not labeled appropriately for SELinux and you may see an error regarding your webserver's SELinux permissions for executing php scripts. Though, again, look over Danila's linked article before moving forward. – JG7 Apr 04 '22 at 16:08

0 Answers0