Permission denied: Could not open password file.

Solution 1:

You are having this problem because of SELinux security context.

To overcome this you need to change the selinux label of the directory/file in question.

You can find out the apache process security context using ps axZ | grep httpd.

And check the same for ls -Z /var/www/html/server-auth/.htpasswd

To adjust the directory labeling try: chcon command (it's like chown). To make it permanent you may use: semanage command.

Detail instructions and a must read here:

Solution 2:

With SELinux enabled Apache is unable to read files unless they are of the same type domain as the running process.

First, check the type domain of the httpd process.

ps axZ|grep httpd

Second, check the type domain of the .htpasswd file.

ls -Z /var/www/html/server-auth/.htpasswd

Use the command chcon to change the domain of the file to match that of the httpd process.


chcon -Rv --type=httpd_sys_content_t /var/www/html/server-auth/.htpasswd

This will change it permanently but the default SELinux context will be re-applied if the file system were to be "relabeled". If a user initiates the relabel process SELinux will read rules from /etc/selinux/*/contexts/files and apply the rules to the file system. To avoid that from changing files modified with chcon you have to create a new rule using the command semanage.


semanage fcontext -a -t httpd_sys_content_t /var/www/html/server-auth/.htpasswd

Use chcon first, test by looking at the audit log in /var/log/audit/audit.log. When you are sure the correct SELinux rules are applied, save your changes with semanage.

You use the restorecon command if you need to rollback your changes. restorecon reads the rules from /etc/selinux/*/contexts/files and applies them to the file system.


restorecon -v /var/www/html/server-auth/.htpasswd

Read more about SELinux on CentOS here