[resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

mansuetus · 2025-09-13 23:18:37

If you encounter VERY weird errors with working code that loads some code in "/home", be aware that httpd.service has been updated :

https://gitlab.archlinux.org/archlinux/ … 391f7a89c3

To fix, run :

# mkdir /etc/systemd/system/httpd.service.d/
# vim /etc/systemd/system/httpd.service.d/LeaveHomeAlone.conf

The (new file to create) file should look like this :

[Service]
ProtectHome=off

IMHO, the apache Wiki should be updated, as it was for "AH01071: Got error 'Primary script unknown'", and it contains several examples including "/home/xxx" directories.

Last edited by mansuetus (2025-09-14 14:24:10)

seth · 2025-09-14 07:50:29

https://wiki.archlinux.org/title/Apache_HTTP_Server#AH01071:_Got_error_'Primary_script_unknown' is there for a while.
Why does your http server load code from questionable paths?
Have yo considered a bind-mount to map those into the server path?

Edit: also please don't post PSAs.
If this wasn't already in the wiki, the wiki would be the proper location to record the situation.
Some forum post will just get lost in time and space.

Last edited by seth (2025-09-14 07:51:24)

mansuetus · 2025-09-14 08:23:38

I've seen it preety old, but did not read this with my permission denied problem, since it was a CGI that "crashed" first (PHP crashed too, but I'm not using the pointed package, and did not see the "home", and did not understand it was "home related")

You're right about PSA. I posted it here since I spent hours of time screening this behaviour, and was looking for things here (or to be honest, I love the "comment" part on AUR packages that sometimes break. I think it would be great to have a "admin post only" annoucement on package mainteners, for improvement like those to be announced. Sorry if this place exists already :-)

The reason of this uncommon need of mine is I need _data_ to be read (not _code_ as I wrote too quickly) and it's easier for me to backup whole "/srv/" than having to manage several mountings and backup exclusions.

I'll post something in comments for WIKI, thank you for pointing this out.

seth · 2025-09-14 12:51:00

https://man.archlinux.org/man/mount.8#B … _operation
You can map even individual files this way.

Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

mhill8 · 2025-09-15 01:45:10

I agree with the OP. In my case, my userdir (~/public_html/) started getting AH00035 errors after upgrading from 2.4.63-3 to 2.4.65-3 today, with absolutely no change in directory permissions. Changing all the dirs on the path to at 755 (previously a couple were 751) did not help. The pages loaded again after I downgraded back to 2.4.63-3, so I know Apache changed behavior. I didn't see any documentation regarding that error code in the Apache changelog, so this has been very puzzling and frustrating to track down, and I'm glad somebody else posted so others could find the fix.

gaucho · 2025-09-17 19:16:53

I also ran into this issue and wasted some time to find the reason by checking access rights over and over again before finally finding the issue in the bug reports of the arch package.

Now I updated my httpd to allow readonly access.

I would assume the correct approach for this is using the systemctl command:

# systemctl edit httpd

In the override file I added

[Service]
ProtectHome=read-only

Arch Linux

#1 2025-09-13 23:18:37

[resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

#2 2025-09-14 07:50:29

Re: [resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

#3 2025-09-14 08:23:38

Re: [resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

#4 2025-09-14 12:51:00

Re: [resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

#5 2025-09-15 01:45:10

Re: [resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

#6 2025-09-17 19:16:53

Re: [resolved] Upgrading Apache to 2.4.65.* - /home/*/ "Permission denied"

Board footer