LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-01-2013, 10:37 AM   #1
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Rep: Reputation: 26
Apache returns 403 Forbidden error message (Debian Squeeze)


Hi everyone,
I just added a symlink inside /var/www that points to a folder inside my home.
Code:
 php -> /home/gacanepa/Proyectos/PHP/
Then I set recursive 750 permissions to /home/gacanepa/Proyectos/PHP/ so that myself and everyone in my group would be able to read its contents.
Next step, I added user www-data (which supposedly is the user that runs apache2) to my group, and made sure it was added correctly.
That being said, I cannot open any file inside /home/gacanepa/Proyectos/PHP/ using a web browser because it returns a 403 Forbidden message.
Then I changed the permissions to 755 and it worked like a charm.
What I do not understand is why the 750 permissions would not work if www-data was added to my group, and why I had to give r+x permissions to others in order for it to work.
Any ideas will be more than welcome. Thanks in advance.
 
Old 02-01-2013, 10:58 AM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256
So what group is Apache in?

If it is not the same group, then Apache cannot read it, and must use "other" which you have blocked.
 
Old 02-01-2013, 11:29 AM   #3
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by jpollard View Post
So what group is Apache in?

If it is not the same group, then Apache cannot read it, and must use "other" which you have blocked.
Here's the output of id -nG where it shows that user www-data has been added to the suplementary group gacanepa:
Code:
root@debian:/var/www# id -nG www-data
www-data gacanepa ossec
And here's the result of ls -l that shows the folder's permissions (I chmoded recursively from /home):

Code:
root@debian:/home/gacanepa# cd Proyectos
root@debian:/home/gacanepa/Proyectos# ls -l
total 4
drwxr-x--- 2 gacanepa gacanepa 4096 Feb  1 13:04 PHP
 
Old 02-01-2013, 12:44 PM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256
So what group is the apache web server running under?

The server itself does not handle multi-groups - it only has one entry.
 
Old 02-01-2013, 12:50 PM   #5
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by jpollard View Post
So what group is the apache web server running under?

The server itself does not handle multi-groups - it only has one entry.
I assume, since this is Debian, that apache is running under the www-data group, with user www-data, but I may be wrong though - or probably I have a misunderstanding of how apache actually serves web pages.

Code:
gacanepa@debian:~$ ps aux | grep apache
root       523  0.0  4.0  39852 10212 ?        Ss   13:07   0:01 /usr/sbin/apache2 -k start
www-data   531  0.0  2.7  40332  7064 ?        S    13:07   0:00 /usr/sbin/apache2 -k start
www-data   532  0.0  2.7  40340  7068 ?        S    13:07   0:00 /usr/sbin/apache2 -k start
www-data   533  0.0  2.7  40332  7056 ?        S    13:07   0:00 /usr/sbin/apache2 -k start
www-data   534  0.0  2.7  40332  7096 ?        S    13:07   0:00 /usr/sbin/apache2 -k start
www-data   536  0.0  2.5  39852  6392 ?        S    13:07   0:00 /usr/sbin/apache2 -k start
www-data   561  0.0  2.5  39852  6396 ?        S    13:08   0:00 /usr/sbin/apache2 -k start
gacanepa  6052  0.0  0.2   3300   752 pts/0    S+   15:49   0:00 grep apache
 
Old 02-01-2013, 02:01 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256
No. It is fine if apache is running with group www-data...

Now every file you want apache to access must also be group www-data. And any intervening directory (such as /home/gacanepa/Proyecto), must also allow access - either through group, or other. That would mean that /home (usually is rx-rx-rx, which allows other, but it might not be) /home /gacanepa and /home/gacanepa/Proyecto must also be group www-data, or allow other rx,
 
Old 02-01-2013, 03:50 PM   #7
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by jpollard View Post
No. It is fine if apache is running with group www-data...

Now every file you want apache to access must also be group www-data. And any intervening directory (such as /home/gacanepa/Proyecto), must also allow access - either through group, or other. That would mean that /home (usually is rx-rx-rx, which allows other, but it might not be) /home /gacanepa and /home/gacanepa/Proyecto must also be group www-data, or allow other rx,
That is why I was so confused in the first place. The following directories have permissions set to 750 (rwx for me, rx for my group, nothing for others):
Code:
/home/gacanepa
/home/gacanepa/Proyectos
/home/gacanepa/Proyectos/PHP
And finally,
Code:
/home/gacanepa/Proyectos/PHP/file.html
As I mentioned, under these circumstances, user www-data (whose primary group is www-data) was added to my group, and still I couldn't access file.html due to Error 403.
It wasn't until I chmoded the above directories to 755 that I was finally able to read file.html. Weird, huh?
 
Old 02-01-2013, 05:49 PM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256
Not weird at all.

Those directories are not group www-data. Therefore the server could not traverse those directories.

And just because you are a member of the group www-data, doesn't mean the files are.

Last edited by jpollard; 02-01-2013 at 05:50 PM.
 
Old 02-06-2013, 02:52 PM   #9
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by jpollard View Post
Not weird at all.

Those directories are not group www-data. Therefore the server could not traverse those directories.
Thanks! that did the trick. I changed the group of those directories and it worked like a charm. Just like I thought, it was a misunderstanding of how apache was working.
Thanks you for taking the time to teach me. I'll add to your reputation right now and mark this thread as solved .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
403 - Forbidden(Apache error) amritpalpathak Linux - Software 5 04-21-2011 01:08 PM
Forbidden 403 error with my apache entz Linux - Software 2 12-17-2007 05:33 PM
https returns 403 forbidden error sumanc Linux - Server 2 12-11-2007 07:56 AM
Apache returns 'Forbidden 403' for phpMyAdmin Notwerk Linux - Software 1 01-24-2006 02:04 AM
apache error, 403 forbidden afrodocter Linux - Software 6 08-09-2004 08:35 PM


All times are GMT -5. The time now is 07:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration