Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have some directories password protocted. I changed the password file with usernames
and password to an directory outside of the conf directory, actually it is now in the
same directory as my certificates. How I get an error w/ permission denied/couldn't open password file.
However, it can't be the permissions as it has the same permissions as the password file in my
conf directory and the same permissions as my certificates 760. The certificates work but, reading the password file doesn't? Also reading the password file in my conf directory works.
Is this a core rule of apache to not move the password file out of the conf directory?
Error Message:
[Tue Aug 15 00:15:57 2006] [error] [client 68.4.92.87] (13)Permission denied: Could not open password file: /srv/certsdir/apachedir/APACHEPASSWD
Is this a core rule of apache to not move the password file out of the conf directory?
No. The password file can be located anywhere on disk as long as apache has permission to read it. My guess is that this may be a problem with permissions on the directory.
When apache runs it runs as root, so should be able to read all it's configuration files regardless of owner. The processes that are used to handle the incoming requests however do not run as root, and it is those that need to be able to read the password file. Typically this can run under one of the usernames nobody, apache or www-data, depending upon the distribution (or configuration). You should check that permission is given for the non-privileged user to be able to read and execute in the containing directory (and directories upwards of that), and to be able to read the password file.
As penguintutor said you can have the apache password file anywhere you want. But since you changed its location you must edit the .htaccess file inside each protected directory and change the AuthUserFile to point to the new location.
Yes, the permissions on the parent directory didn't let 'apache' user access the directory. So
I figured out that at startup apache reads the ssl certs as root. Any authentications request are handled by the 'apache' user.
Already Solved - additional info on apache config files vs .htaccess
Quote:
must edit the .htaccess file inside each protected directory and change the AuthUserFile
Better still the AuthUserFile directive should be in httpd.conf (or whatever configuration file your distribution uses - e.g. vhost files). This means you need to have write permissions to the apache config files (the main reasons for allowing .htaccess instead), but is more secure and has less performance impact (especially if you turn of the AllowOverride directive).
As a general guide:
If you have write permissions to the apache config then include all your directives there and disable AllowOverride - if someone else owns the server then you're probably stuck with .htaccess.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.