LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-15-2006, 02:25 AM   #1
psychobyte
Member
 
Registered: Sep 2003
Location: Central Coast, California
Posts: 179

Rep: Reputation: 30
trouble with apache password file


Hi,

I'm running apache 2.2.3.

I have some directories password protocted. I changed the password file with usernames
and password to an directory outside of the conf directory, actually it is now in the
same directory as my certificates. How I get an error w/ permission denied/couldn't open password file.

However, it can't be the permissions as it has the same permissions as the password file in my
conf directory and the same permissions as my certificates 760. The certificates work but, reading the password file doesn't? Also reading the password file in my conf directory works.
Is this a core rule of apache to not move the password file out of the conf directory?

Error Message:

[Tue Aug 15 00:15:57 2006] [error] [client 68.4.92.87] (13)Permission denied: Could not open password file: /srv/certsdir/apachedir/APACHEPASSWD
 
Old 08-15-2006, 05:41 AM   #2
penguintutor
Member
 
Registered: Jun 2006
Location: UK
Distribution: Ubuntu, Mandriva, Redhat and Fedora
Posts: 118

Rep: Reputation: 15
Code:
Is this a core rule of apache to not move the password file out of the conf directory?
No. The password file can be located anywhere on disk as long as apache has permission to read it. My guess is that this may be a problem with permissions on the directory.

When apache runs it runs as root, so should be able to read all it's configuration files regardless of owner. The processes that are used to handle the incoming requests however do not run as root, and it is those that need to be able to read the password file. Typically this can run under one of the usernames nobody, apache or www-data, depending upon the distribution (or configuration). You should check that permission is given for the non-privileged user to be able to read and execute in the containing directory (and directories upwards of that), and to be able to read the password file.
 
Old 08-15-2006, 09:05 AM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,894

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
As penguintutor said you can have the apache password file anywhere you want. But since you changed its location you must edit the .htaccess file inside each protected directory and change the AuthUserFile to point to the new location.
 
Old 08-15-2006, 12:02 PM   #4
psychobyte
Member
 
Registered: Sep 2003
Location: Central Coast, California
Posts: 179

Original Poster
Rep: Reputation: 30
Ok,

Yes, the permissions on the parent directory didn't let 'apache' user access the directory. So
I figured out that at startup apache reads the ssl certs as root. Any authentications request are handled by the 'apache' user.

good to know.

Thanks for the help.
 
Old 08-16-2006, 01:31 AM   #5
penguintutor
Member
 
Registered: Jun 2006
Location: UK
Distribution: Ubuntu, Mandriva, Redhat and Fedora
Posts: 118

Rep: Reputation: 15
Thumbs up Already Solved - additional info on apache config files vs .htaccess

Quote:
must edit the .htaccess file inside each protected directory and change the AuthUserFile
Better still the AuthUserFile directive should be in httpd.conf (or whatever configuration file your distribution uses - e.g. vhost files). This means you need to have write permissions to the apache config files (the main reasons for allowing .htaccess instead), but is more secure and has less performance impact (especially if you turn of the AllowOverride directive).

As a general guide:
If you have write permissions to the apache config then include all your directives there and disable AllowOverride - if someone else owns the server then you're probably stuck with .htaccess.
 
  


Reply

Tags
apache, authentication, htaccess, permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I'm having trouble setting up a new user, especially the password donJulio Slackware 8 08-09-2006 02:59 AM
Apache and shadow password file fortezza Linux - Security 2 07-31-2005 06:49 PM
Root Password trouble dbarracuda Linux - Software 1 10-31-2004 11:56 AM
Password protected Apache ne21 Linux - Software 5 07-30-2004 01:08 AM
apache password protection demicheru Linux - Software 2 02-25-2003 05:13 PM


All times are GMT -5. The time now is 04:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration