LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-14-2007, 04:47 PM   #1
brettreyu
LQ Newbie
 
Registered: Aug 2007
Posts: 9

Rep: Reputation: 0
Red Hat, help with Apache access denied errors while running Twiki


This is going to be a little long winded but here goes.

We are running a TWiki page on a server located on our internal network. Users visit twiki.ourlocation.com from anywhere and input their username and password to gain access. The username and password is stored in a .htpasswd file.

Everything was working fine until I attempted to add myself to the part of twiki.conf that allows access to the configure script in Twiki. I saved, restarted apache, and then all logins broke. Nobody can login now, been working with Twiki people in IRC but nothing has helped.

Here is the twiki.conf file

Quote:
# Autogenerated httpd.conf file for TWiki.
# Generated at http://twiki.org/cgi-bin/view/TWiki/...onfigGenerator

# Block access to typical spam related attachments
# Except the TWiki directory which is read only and does have attached html files.
SetEnvIf Request_URI "twiki/pub/.*\.[hH][tT][mM]?$" blockAccess
SetEnvIf Request_URI "twiki/pub/TWiki/.*\.[hH][tT][mM]?$" !blockAccess

#Block access from badly behaving robots and site sucking type programs.
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^$ blockAccess

# The ScriptAlias defines the bin directory as a directory where CGI
# scripts are allowed.
# The first parameter will be part of the URL to your installation e.g.
# http://my.co.uk/twiki/bin/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias /twiki/bin "/var/www/html/twiki/bin"

# The Alias defines a url that points to the root of the twiki installation.
# It is used to access files in the pub directory (attachments etc)
# It must come _after_ the ScriptAlias.
Alias /twiki "/var/www/html/twiki"

# This specifies the options on the TWiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
<Directory "/var/www/html/twiki/bin">
AllowOverride All
Order Allow,Deny
Allow from all
Deny from env=blockAccess

Options ExecCGI FollowSymLinks
SetHandler cgi-script

# Password file for TWiki users
AuthUserFile /var/www/html/twiki/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic

# File to return on access control error (e.g. wrong password)
# By convention this is the TWikiRegistration page, that allows users
# to register with the TWiki. Apache requires this to be a *local* path.
ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration

# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# It exposes system details that can help attackers.
<FilesMatch "^(configure)$">
SetHandler cgi-script
Order Deny,Allow
Deny from all
Allow from 192.168.1.127 , 124.0.0.1
Require user "UserName removed"
Satisfy Any
</FilesMatch>

<FilesMatch "^(view)$">
SetHandler cgi-script
Order Deny,Allow
Deny from all
Allow from 192.168.1.127 , 124.0.0.1
Require valid-user
Satisfy Any
</FilesMatch>


# When using Apache type login the following defines the TWiki scripts
# that makes Apache ask the browser to authenticate. It is correct that
# scripts such as view are not authenticated.
<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
require valid-user
</FilesMatch>

</Directory>

# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Note that files in pub are *not* protected by TWiki Access Controls,
# so if you want to control access to files attached to topics you need to
# block access to the specific directories same way as the ApacheConfigGenerator
# blocks access to the pub directory of the Trash web
<Directory "/var/www/html/twiki/pub">
Options None
AllowOverride None
Order Allow,Deny
Allow from all
Deny from env=blockAccess

# Disable execusion of PHP scripts
php_admin_flag engine off

# This line will redefine the mime type for the most common types of scripts
# It will also deliver HTML files as if they are text files
AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi
</Directory>

# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
# We prevent viewing any attachments directly from pub
<Directory "/var/www/html/twiki/pub/Trash">
deny from all
</Directory>

# Security note: All other directories should be set so
# that they are *not* visible as URLs, so we set them as =deny from all=.
<Directory "/var/www/html/twiki/data">
deny from all
</Directory>

<Directory "/var/www/html/twiki/templates">
deny from all
</Directory>

<Directory "/var/www/html/twiki/lib">
deny from all
</Directory>

<Directory "/var/www/html/twiki/locale">
deny from all
</Directory>

<Directory "/var/www/html/twiki/tools">
deny from all
</Directory>
Here is the error that I receive in /var/log/httpd/error_log

Quote:
[Fri Sep 14 07:27:01 2007] [error] [client 192.168.1.1] (13)Permission denied: Could not open password file: /var/www/html/twiki/.htpasswd
[Fri Sep 14 07:27:01 2007] [error] [client 192.168.1.1] access to /twiki/bin/view failed, reason: verification of user id 'BrettHancock' not configured
Weird thing that I noticed is the .htpasswd file is displaying a 2 for the name of the file is also in green.

Quote:
-rwxr-xr-x 2 apache apache 4051 Sep 14 06:58 .htpasswd
I've tried nearly everything I can think of and am completely at a loss. I don't think it's a Twiki problem, I think it's an Apache problem or the .htpasswd file is corrupted somehow. Any help is appreciated. Thanks!
 
Old 09-14-2007, 07:49 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,066

Rep: Reputation: 295Reputation: 295Reputation: 295
The 2 is the link count to the file. This means two names link to the inode of the file. The .htpasswd should not be executable. With a link count of 2 and the execute bit set that file almost looks like a directory (a directory always has a link count of at least 2, one for the dir name and one for . in the directory). What does "file .htpasswd" (no quotes) show ? Have you inspected the contents of .htpasswd to make sure they have the correct format?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache public_html access denied willigiann Linux - Networking 2 12-12-2006 11:36 AM
Access denied when running F-prot preeth26 Linux - Security 6 03-02-2006 12:36 PM
apache and webmin - access denied? Moebius Linux - Software 1 10-12-2004 08:23 AM
Apache 403 Access Denied spintrance7 Linux - Software 2 10-13-2003 01:56 PM
Twiki?? Linux Twiki, or POSIX Twiki??? jdii1215 General 4 05-21-2003 10:43 AM


All times are GMT -5. The time now is 11:08 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration