Installation of Postfix, Dovecot and Roundcube

I followed the excellent TID on Linuxbabe and Postfix and Roundcube and it all worked perfectly until…

I get a 403. You don’t have permission to access this resource. Server unable to read htaccess file. Denying access to be safe.

I’ve even tried setting the permissions to 777 on .htaccess and still get the same error. I did chmod -R apache:apache /var/www.

Same problem. Anyone know what I’m doing wrong?

I’m assuming you mean this article? Install Roundcube Webmail on CentOS 8/RHEL 8 with Apache/Nginx

Did you do all the steps in step 6? Also, just to check, can you do this:

setenforce 0

this puts selinux in permissive mode, and then try the installer url again in the web browser? If it works, then it means an selinux issue is still outstanding and would need to be resolved - most likely due to /var/www/roundcube directory not having the correct contexts. To re-enable selinux again after, do:

setenforce 1

or reboot the server, and selinux will be enabled again.

If setting selinux in permissive allows you to continue the installation, it means that something in step 6 was missed. Check /var/log/audit/audit.log for more info. Or do:

audit2allow -a /var/log/audit/audit.log

and post the output here.

One of the first things I do is disable SELinux, it’s just a damn nuisance

Check /var/log/httpd/*_log files, especially access and error logs - if other log files have been configured in the apache configuration, then the name of the file might differ. Any permission problems if related to apache config should show in these files.

(13)Permission denied: [client] AH00529: /var/www/roundcube/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/roundcube/’ is executable, referer:

I did chmod -R 755 /var/www after the chown

Can you do:

ls -lh /var/www/roundcube/.htaccess

You may wish to do:

chmod 664 /var/www/roundcube/.htaccess

to ensure it has rw-rw-r permissions.

Directories should have 755, so you have restricted/unrestricted it even more. The command 765 shouldn’t be used on files as you make them executable.

ls -lh /var/www/roundcube/.htaccess
-rwxrwxrwx. 1 apache apache 2.5K Jul 23 22:17 /var/www/roundcube/.htaccess

Yeah that is too much. Due to the incorrect chown command, you need to fix this:

cd /var/www/
chown -R apache:apache .
find . -type d -exec chmod 755 '{}' \;
find . -type f -exec chmod 640 '{}' \;

that will ensure the directories have the correct permissions, as well as the files. type d being directories, type f being files.

Did that. Still the same problem

So have to check apache configuration, since file permissions are fine. If selinux is disabled, then it’s not this. So I think means that only apache can be the problem now.

I expect the /var/www/roundcube doesn’t have an allow override all option, eg in the apache config for roundcube that you did:

<Directory /var/www/roundcube>
    AllowOverride all

this is explained in Step 4 of the LinuxBabe howto.

The file in /etc/httpd/conf.d named is IDENTICAL to the one in Linuxbabe, except I changed the first line to the above.


How do I know it’s identical? I cut and pasted it!

Maybe you know that, but I don’t since I cannot see your server, nor can I see the confile files. Nor can I know if you checked and set the permissions properly.

Either way, if it was configured properly it would work. So… I suggest you make sure 100% that you followed the article properly.

<VirtualHost *:80>
  DocumentRoot /var/www/roundcube/

  ErrorLog /var/log/httpd/roundcube_error.log
  CustomLog /var/log/httpd/roundcube_access.log combined

  <Directory />
    Options FollowSymLinks
    AllowOverride All

  <Directory /var/www/roundcube/>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all

All the commands you gave me, I also cut and pasted so there are no typos or spelling mistakes. So if your commands are correct, so are my permissions.

Can you post the results of:


please copy/paste from the console, so we can be 100% sure selinux is disabled.

Someone on roundcube forum had the same problem, and it was selinux-related: pcfq_openfile: unable to check htaccess file...

Interesting problem:
This is my selinux.config file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.


WTF is going on now?

Maybe you didn’t reboot after changing the config? So:

setenforce 0

and check the roundcube installer again? Or, reboot to make sure selinux is disabled. After reboot, run getenforce again to make sure.

OK, I’ll do that, but as soon as the installation dnf update is over, I disable selinux and it must have been rebooted at least 20 times since then.

After setting setenforce 0
setenforce 0
[root@hermes ~]# getenforce

I want it DISABLED. How do I do that?

We will concentrate on that later, now that it says permissive, check the installer. Does it work?

The answer - Yes and No
yes it goes to the install screen, but I see
Checking available databases

Check which of the supported extensions are installed. At least one of them is required.
SQLite:  OK

MySQL is installed and setup as per Linuxbabe.

SELinux again?

I’m going to reboot the blasted thing - again!