Permission denied: Could not open password file.

I am using Apache on Red Hat.

I have .htaccess in my /var/www/html with permissions as follows

-rwxr-xr-x. 1 apache apache 127 Dec 18 14:17 .htaccess

.htaccess has the following data set inside it

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /var/www/html/server-auth/.htpasswd
Require user manu

Permissions on /var/www/html/server-auth/.htpasswd

-rwxr-xr-x. 1 apache apache 40 Dec 16 19:11 .htpasswd

When I open my web page in the browser and enter the username and password, the login prompt reappears, even if the username and password are correct.

Error logs:

(13) Permission denied: Could not open password file: /var/www/html/server-auth/.htpasswd

access to / failed, reason: verification of user id 'manu' not configured

Any help!


You are having this problem because of SELinux security context.

To overcome this you need to change the SELinux label of the directory/file in question.

You can find out the apache process security context using ps axZ | grep httpd.

And check the same for ls -Z /var/www/html/server-auth/.htpasswd

To adjust the directory labeling try: chcon command (it's like chown). To make it permanent you may use: semanage command.

Detailed instructions and a must-read here: https://wiki.centos.org/HowTos/SELinux


With SELinux enabled Apache is unable to read files unless they are of the same type domain as the running process.

First, check the type domain of the httpd process.

ps axZ|grep httpd

Second, check the type domain of the .htpasswd file.

ls -Z /var/www/html/server-auth/.htpasswd

Use the command chcon to change the domain of the file to match that of the httpd process.

Example:

chcon -Rv --type=httpd_sys_content_t /var/www/html/server-auth/.htpasswd

This will change it permanently, but the default SELinux context will be re-applied if the file system were to be "relabeled". If a user initiates the relabel process, SELinux will read rules from /etc/selinux/*/contexts/files and apply the rules to the file system. To prevent that from changing files modified with chcon, you have to create a new rule using the command semanage.

Example:

semanage fcontext -a -t httpd_sys_content_t /var/www/html/server-auth/.htpasswd

Use chcon first, test by looking at the audit log in /var/log/audit/audit.log. When you are sure the correct SELinux rules are applied, save your changes with semanage.

Use the restorecon command if you need to roll back your changes. restorecon reads the rules from /etc/selinux/*/contexts/files and applies them to the file system.

Example:

restorecon -v /var/www/html/server-auth/.htpasswd

Read more about SELinux on CentOS here https://wiki.centos.org/HowTos/SELinux.
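
An added example, not part of the answers above: a small filter for the audit-log check that the answer recommends, listing each AVC denial raised against httpd with the process type and the file type that SELinux compared. The sample log lines and the user_home_t label are constructed for illustration; on a real host pipe /var/log/audit/audit.log into httpd_denials instead.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials raised against httpd.
# On a real host, feed it /var/log/audit/audit.log (readable by root).

# Constructed sample lines; the target label user_home_t is an assumption,
# the page does not show the real label of the .htpasswd file.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1450450620.101:512): avc:  denied  { read } for  pid=2101 comm="httpd" name=".htpasswd" dev="dm-0" ino=393301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1450450620.101:512): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1450450655.220:530): avc:  denied  { read } for  pid=2250 comm="sshd" name="motd" dev="dm-0" ino=131090 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
EOF
}

# Read audit-log lines on stdin. For each denied AVC record whose command is
# httpd, print: <permissions> <object name> <process type> <file type>
httpd_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="httpd"/ {
        perm = name = src = tgt = "?"
        # Permissions sit between "{ " and " }"; join several with commas.
        if (match($0, /[{] [^}]* [}]/)) {
            perm = substr($0, RSTART + 2, RLENGTH - 4)
            gsub(/ /, ",", perm)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/) { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        }
        print perm, name, src, tgt
    }'
}

sample_audit_log | httpd_denials
```

Once the file carries a type that httpd_t is allowed to read, repeating the request should add no new httpd line for .htpasswd to this output.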


Try wrapping your AuthUserFile in

AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/var/www/html/server-auth/.htpasswd"
Require user manu

That solved the issues for me.