When access is denied to certain files folders it might be SELinux. You can check this in the /var/log/audit/audit.log
In this example we have changed the html folder in /var/www/ for the Apache HTTP server.
sudo cat /var/log/audit/audit.log | grep denied
In the log:
type=AVC msg=audit(1489911451.999:62): avc: denied { open } for pid=870 comm="httpd" path="/var/www/html/index.html" dev="xvda1" ino=18607560 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
View the SELinux rights with:
ls -Z /var/www/
You can now fix this with:
semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?" restorecon -R -v /var/www/html
The last statement is to make the change permanent. If you also want to change the unconfined_u:object_r into system_u:object_r you need to do:
restorecon -R -F -v /var/www/html
This is the result:
[root@ip-10-0-0-232 www]# ls -Z drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html