LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-01-2002, 03:07 PM   #1
Skywolf
LQ Newbie
 
Registered: Nov 2002
Distribution: Mandrake
Posts: 10

Rep: Reputation: 0
Apache 403 error with Mandrake 9.0


Well, here's the situation:

I installed Mandrake Linux 9.0 with Apache. I've made sure Apache group is part of my ~user groups, I've chmod the files in the user directory to be read by all.

And, when serving webpages from the root (/var/www/html) Apache serves them up just fine.

However, when trying to access a user directory (in this case (as example) http://www.website.com/~user) I get the 403 forbidden error.

I've tried adding the following to commonhttpd.conf:

<Directory /home/user>
Options -All -Multiview
AllowOverride All
Order allow,deny
Allow from all
</Directory>

to no avail. Also tried changing the Directory to /home/~user to no avail.

I'm running in runlevel 3, with little mods from the installation (if any).

Any ideas?
 
Old 12-02-2002, 04:03 PM   #2
fragglehorn
Member
 
Registered: Oct 2002
Location: I-Town, NY
Distribution: Debian, Slackware
Posts: 130

Rep: Reputation: 15
Skywolf,

What does your UserDir statement look like? Something like this?

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

Whatever directory name this statement specifies, create a directory under the user's home (ex: /home/user/public_html) and serve your web files from there. Don't forget to restart apache first!
 
Old 12-03-2002, 05:06 PM   #3
rednex269
LQ Newbie
 
Registered: Nov 2002
Location: Texas
Distribution: Redhat Linux 8.0
Posts: 18

Rep: Reputation: 0
Here is a update..

I replaced my httpd.conf with the one you sent... However, Still no luck with jsevy (http://192.168.0.3/~jsevy

just for poops and giggles, I created a new user... joey.. and made my public_html and the damn thing worked.,..

I tried my ~jsevy and no luck.. still error 403.. I acutally even put the public_html and the index.html as chmod 777

Suggestions?
 
Old 12-03-2002, 05:18 PM   #4
fragglehorn
Member
 
Registered: Oct 2002
Location: I-Town, NY
Distribution: Debian, Slackware
Posts: 130

Rep: Reputation: 15
Strange that one user is working and not the other...

From your first post, it looks like you've spent some time mucking with /home/jsevy in commonhttpd.conf. If you did anything that apache doesn't like, your 403 is explained. Did you back up your configuration files before editing them?
 
Old 12-03-2002, 10:54 PM   #5
rednex269
LQ Newbie
 
Registered: Nov 2002
Location: Texas
Distribution: Redhat Linux 8.0
Posts: 18

Rep: Reputation: 0
Of Course not... one thing I am courios about... is there a setting to not display the directory's contents if index.html is not present?

JS
 
Old 12-04-2002, 10:05 AM   #6
Skywolf
LQ Newbie
 
Registered: Nov 2002
Distribution: Mandrake
Posts: 10

Original Poster
Rep: Reputation: 0
UserDir

Actually, my userdir doesn't have anything in it... I wasn't going to leave it that way, but, since I couldn't get it to work in the first place, I never changed it.

I'm using a symbolic link from /var/www/html and that seems to work, but I know that's not the correct way .

-S
 
Old 12-11-2002, 11:30 AM   #7
Skywolf
LQ Newbie
 
Registered: Nov 2002
Distribution: Mandrake
Posts: 10

Original Poster
Rep: Reputation: 0
MSEC

Okay, I know this thread was getting old, but I looked at my security log:

msec, a Mandrake distribution program, is, hourly, changing the permissions of the home/user directory. When it changes the permissions (to 700 I think) Apache is unable to access it.

So, for those with Mandrake and Apache issues: Check msec.
 
Old 04-21-2003, 09:53 AM   #8
Rabbi Bob
LQ Newbie
 
Registered: Apr 2003
Location: ME
Distribution: Mandrake
Posts: 1

Rep: Reputation: 0
I was having the same problems in M9.0 and after reading this thread, I finally realized where my problem was:

SSL was ON and I was 403'ing on each call to the webpage. After I thought of this, I checked https://page and viola, there it was sitting there. Turned SSL off on the virtual host in webmin and it loaded perfectly under a normal call.

So, thanks in a roundabout way
 
Old 07-11-2003, 04:23 PM   #9
Kman_2nd
LQ Newbie
 
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4

Rep: Reputation: 0
Lightbulb just had the same problem.. thought I shared my solution

Just had the same problem and found this posting trough google (hurray for google! ) and I thought I'd share my solution with you all.

The reply about msec setting the permissions to /home/* (i.e. all the user-directories in the home dir) was completely correct. This does prevents Apache from reaching the public_html dirs in those home directories.

Just chmodding all the homedirs doesn't really help, because msec will convert them back to permissionlevel 700 every x minutes. To let msec set another permissionlevel, check the perm.<mseclevel you're using> in the /usr/share/msec directory (for example, if you're on msec level 4, you need to check perm.4). If you open that file, you'll find a whole list of directories and files, with the values for user and group names and permissionlevels which msec will set every now and then. Just change the permissionlevel of /home/* to 755 and Apache can do it's magic on it again.

If someone knows a better permlevel then 755, be my guest. I haven't been able to make it work under a more strict permlevel.
 
Old 07-15-2003, 06:32 AM   #10
Kman_2nd
LQ Newbie
 
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4

Rep: Reputation: 0
another update about my solution.

chmodding all the home directories to 755 doesn't seem very secure, 'cause all the users on that machine can read all files of eachothers homedirectory. Permissionlevel 751 does enable apache to reach the folder (as public_html is worldreadable). But I think it's more secure to assign the homedirectories to a specific group where apps who need to get into homedirs (like apache) can be assigned to, and set the homedirs themself to 750 permission again.

any comment on this?
 
Old 07-15-2003, 08:30 AM   #11
Dannyboy
LQ Newbie
 
Registered: Jul 2003
Posts: 1

Rep: Reputation: 0
Better permission level

The home directories only need to be 711 - apache needs execute permissions only

Cheers for the pointer on where to find the msec "perm" settings - that was doing my head in for a while!

Peace,
Dan
 
Old 07-15-2003, 08:46 AM   #12
Kman_2nd
LQ Newbie
 
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4

Rep: Reputation: 0
giving world-execution rights to the homedirs does enable apache to access them, but it also allows all other users to 'traverse' other peoples homedirectories.

For example:

my homedir contains the directories
public_html (for my website) and
documents

If another user knows or guesses the name of my documents directory, he/she/it can easily do a cd /home/kman_2nd/documents to access my personal docs. This is because, at least on my machine, all directories made by my user have world-read and world-execute permissions by default.

Don't know how to change this... anyone has an idea?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 403 error with Mandrake 10.1 MooCows Linux - Networking 15 03-19-2005 05:50 PM
Apache and cgi 403 Error. tethysgods Linux - Software 2 08-30-2004 10:06 AM
Apache 403 Error?? jlsain Linux - Software 4 05-08-2004 04:45 PM
apache 403 error fix cortj Linux - Software 0 02-25-2003 04:27 PM
apache 403 error forbidden? bulliver Linux - General 4 01-31-2003 08:47 AM


All times are GMT -5. The time now is 02:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration