Lighttpd

I am a newbie with lighttpd but have used apache in the past.
Am working with lighttpd 1.4.35, installed via yum on a centos 6.4 linux release.

Am trying to alias a directory into the document-root tree.
The default document-root is /var/www/lighttpd, and want to make an alias of /data/ which will map to directory /data/sa/. Have created /data/sa with ownership "mrostron" and permissions 711 (have also tried 755, same result).

When i execute query of "http://localhost/data", expecting it to map to /data/sa and give me a directory listing.
Instead i get "403 forbidden" message.

I get the same result using 755 permissions on /data/sa.
I get the same result symlinking /data/sa into /var/www/lighttpd (instead of alias).
i am assuming this is related to permissions on the directory /data/sa (or parent), but not having good result yet.

Other than copying the /data/sa content underneath /var/www/lighttpd, not sure where to go next.

Can anyone pls give me benefit of informed opinion.
thanks v much for your time
(information below)
mr

The directory info is as follows: =================================

[root@localhost proto]# ls -ld /
dr-xr-xr-x. 23 root root 4096 Nov 14 23:26 /
[root@localhost proto]# ls -ld /data
drwx--x--x. 3 mrostron mrostron 4096 Nov 14 23:26 /data
[root@localhost proto]# ls -ld /data/sa
drwxr-xr-x. 4 mrostron mrostron 4096 Nov 15 03:40 /data/sa

Configuration for lighttpd is: ==============================

[root@localhost conf.d]# cat mr.conf

alias.url = ( "/data" => "/data/sa" )
$HTTP["url"] =~ "^/data/.*" {
dir-listing.activate = "enable"
dir-listing.show-header = "enable"
dir-listing.show-readme = "enable"
}

The debug output is: ====================
2014-11-15 12:46:28: (response.c.339) -- splitting Request-URI
2014-11-15 12:46:28: (response.c.340) Request-URI : /data/
2014-11-15 12:46:28: (response.c.341) URI-scheme : http
2014-11-15 12:46:28: (response.c.342) URI-authority : localhost
2014-11-15 12:46:28: (response.c.343) URI-path (raw) : /data/
2014-11-15 12:46:28: (response.c.344) URI-path (clean): /data/
2014-11-15 12:46:28: (response.c.345) URI-query :
2014-11-15 12:46:28: (mod_access.c.135) -- mod_access_uri_handler called
2014-11-15 12:46:28: (response.c.473) -- before doc_root
2014-11-15 12:46:28: (response.c.474) Doc-Root : /var/www/lighttpd
2014-11-15 12:46:28: (response.c.475) Rel-Path : /data/
2014-11-15 12:46:28: (response.c.476) Path :
2014-11-15 12:46:28: (response.c.524) -- after doc_root
2014-11-15 12:46:28: (response.c.525) Doc-Root : /var/www/lighttpd
2014-11-15 12:46:28: (response.c.526) Rel-Path : /data/
2014-11-15 12:46:28: (response.c.527) Path : /var/www/lighttpd/data/
2014-11-15 12:46:28: (response.c.544) -- logical > physical
2014-11-15 12:46:28: (response.c.545) Doc-Root : /var/www/lighttpd
2014-11-15 12:46:28: (response.c.546) Basedir : /data/sa
2014-11-15 12:46:28: (response.c.547) Rel-Path : /data/
2014-11-15 12:46:28: (response.c.548) Path : /data/sa/
2014-11-15 12:46:28: (response.c.565) - handling physical path
2014-11-15 12:46:28: (response.c.566) Path : /data/sa/
2014-11-15 12:46:28: (response.c.573) -- file found
2014-11-15 12:46:28: (response.c.574) Path : /data/sa/
2014-11-15 12:46:28: (response.c.725) -- handling subrequest
2014-11-15 12:46:28: (response.c.726) Path : /data/sa/
2014-11-15 12:46:28: (mod_indexfile.c.150) -- handling the request as Indexfile
2014-11-15 12:46:28: (mod_indexfile.c.151) URI : /data/
2014-11-15 12:46:28: (mod_access.c.135) -- mod_access_uri_handler called
2014-11-15 12:46:28: (mod_dirlisting.c.927) -- handling the request as Dir-Listing
2014-11-15 12:46:28: (mod_dirlisting.c.928) URI : /data/
2014-11-15 12:46:28: (mod_dirlisting.c.680) opendir failed: /data/sa/ Permission denied
2014-11-15 12:46:28: (response.c.737) -- subrequest finished