HTTP error 403: forbidden yum – Fix this error Now ?

HTTP error 403: forbidden yum happens when we try to install a package using yum. This error generally happens when there is permission issues on the server files and directories.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related HTTP queries.

In this context, we shall look into how to fix this HTTP error.

More about HTTP error 403 forbidden yum ?

Mostly, this happens as a result of issues with files in repos.d.

It's causes includes:

  • A corrupt repo.
  • Permission of packages.
  • SELinux issues.

How to resolve HTTP error 403 forbidden yum ?

1. Permission of packages

i. We check inside the directory structure of the yum server reports invalid permissions for few packages:

-rw-r–r– 1 root root 128676 Mar 12 00:49 pcp-libs-devel-3.10.9-9.0.1.el6.x86_64.rpm
-rw-r–r– 1 root root 104328 Mar 12 00:49 pcp-webapi-3.10.9-9.0.1.el6.x86_64.rpm
-rw-r—– 1 root root 11100 Mar 19 22:30 yum-config-ociSGW-1.0-6.el6.noarch.rpm < — Other User has no read access
-rw-r—– 1 root root 17932 Mar 19 22:30 oraclelinux-release-el6-1.0-6.el6.noarch.rpm
-rw-r–r– 1 root root 934052 Mar 20 02:21 suitesparse-static-3.4.0-9.0.1.el6.x86_64.rpm
-rw-r–r– 1 root root 148644 Mar 20 02:21 suitesparse-devel-3.4.0-9.0.1.el6.i686.rpm

ii. Then, for other users inside CentOS/RHEL/OL 6 latest channel directory, we grant read permission on the local yum server.

# cd /var/www/html/yum/OracleLinux/OL6/latest/x86_64/
# chmod -R o+r getpackages/

If we perform wget with debugging mode, it will reveal the permission or other access issues.

The diagnosis is as below,

# wget -d http://localyum/yum/OracleLinux/OL6/latest/x86_64/getPackage/oraclelinux-release-el6-1.0-6.el6.noarch.rpm
DEBUG output created by Wget 1.12 on linux-gnu.
–2019-05-06 11:02:17– http://localyum/yum/OracleLinux/OL6/latest/x86_64/getPackage/oraclelinux-release-el6-1.0-6.el6.noarch.rpm
Resolving localyum… x.x.x.x
Caching localyum => x.x.x.x
Connecting to localyum|x.x.x.x|:80… connected.
Created socket 3.
Releasing 0x00000000022931d0 (new refcount 1).
—request begin—
GET /yum/OracleLinux/OL6/latest/x86_64/getPackage/oraclelinux-release-el6-1.0-6.el6.noarch.rpm HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: aeadsvap142-adp
Connection: Keep-Alive
—request end—
HTTP request sent, awaiting response…
—response begin—
HTTP/1.1 403 Forbidden
Date: Mon, 06 May 2019 07:02:25 GMT
Server: Apache/2.4.6 ()
Content-Length: 291
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
—response end—
403 Forbidden
Registered socket 3 for persistent reuse.
Skipping 291 bytes of body: [
<title>403 Forbidden</title>
<p>You don’t have permission to access /yum/OracleLinux/OL6/latest/x86_64/getPackage/oraclelinux-release-el6-1.0-6.el6.noarch.rpm
on this server.</p>
] done.
2019-05-06 11:02:17 ERROR 403: Forbidden.

2. Corrupt repo

If we have a repo file that is corrupt, we may stumble upon this error.

In such a case, we download the file again and then verify the repo.

$ curl https://URL_to_the_repo > /etc/yum.repos.d/FILENAME.repo

Then we verify it:

$ rpm -Vf /etc/yum.repos.d/FILENAME.repo

3. Disable SELinux

Sometimes, this error could trigger due to the SELinux policy. In order to fix it, we can disable the same.

i. To do so, we configure SELINUX=disabled in the /etc/selinux/config file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.

ii. Then we reboot the system. Once done, we confirm that the getenforce command returns Disabled:

~]~ getenforce Disabled\

[Need help with fixing HTTP errors? We'd be happy to assist. ]


This article covers methods to resolve HTTP error 403 which happens as a result of issues with files in repos.d, permissions or SELinux. 

To fix this error:

Grant read permission for other users inside CentOS/RHEL/OL 6 latest channel directory on local yum server.