LinuxQuestions.org


Joshua Russo 01-08-2012 12:25 PM

Still getting Apache 403 after adding Directory directive to Alias
 
I'm trying to create an Alias to a directory outside of the Apache root. This is the entire contents of my httpd.conf

ServerName bellnetwork-local

Alias /bellnetwork/dev/static /home/josh/Dev/bell_network_stuff/git/dev/static_test
<Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test>
Order Allow,Deny
Allow from all
</Directory>

I also gave Group and Other read and execute permission on static_test

What more do I need to do?

T3RM1NVT0R 01-08-2012 01:35 PM

Hi Joshua Russo,

How are you trying to access this directory? Are you trying to access it via wget or via browser? What is the link that you are using to access this directory?

How have you set up file system permissions? Using acl or chmod? Did you give recursive permissions or just at the top level?

Is SELinux enabled? If yes, please share the output of getsebool -a | grep httpd

Joshua Russo 01-08-2012 03:23 PM

Quote:

Originally Posted by T3RM1NVT0R (Post 4569598)
How are you trying to access this directory? Are you trying to access it via wget or via browser? What is the link that you are using to access this directory?

I'm accessing it with a web browser via http://localhost/bellnetwork/dev/sta...ages/logo3.png

Quote:

Originally Posted by T3RM1NVT0R (Post 4569598)
How have you set up file system permissions? Using acl or chmod? Did you give recursive permissions or just at the top level?

I actually performed it from the gui file explorer on just the static_test folder, but I did tell it to Apply permission to enclosed files.

Quote:

Originally Posted by T3RM1NVT0R (Post 4569598)
Is SELinux enabled? If yes, please share the output of getsebool -a | grep httpd

getsebool: SELinux is disabled

T3RM1NVT0R 01-08-2012 04:15 PM

Shouldn't you be accessing by typing the following: http://localhost/bellnetwork/dev/static

Take a backup of your httpd.conf and make the following changes to see if that works:

<Directory "/home/josh/Dev/bell_network_stuff/git/dev/static_test">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Make sure you restart apache post making the changes.

Joshua Russo 01-08-2012 04:36 PM

No that didn't seem to do anything.

I'm not accessing just /bellnetwork/dev/static/ because there's nothing but more directories in it

T3RM1NVT0R 01-08-2012 04:48 PM

Instead of going with an alias, why don't you go with a virtual host? Could you please share your httpd.conf file?

Joshua Russo 01-08-2012 06:25 PM

I included everything that I had in the httpd.conf in my first post.

I also tried the virtual host but I still get a 403 error. There has to be something simple I'm missing. This is the entirety of my httpd.conf now:

<VirtualHost *:80>
DocumentRoot /home/josh/Dev/bell_network_stuff/git/dev/static_test
ServerName bellnetwork-local
<Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test>
Options Indexes MultiViews
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>

T3RM1NVT0R 01-08-2012 07:59 PM

Which distribution are you using? Usually the httpd.conf file is pretty big. The file that you have pasted does not seem to be the full httpd.conf file.

Joshua Russo 01-08-2012 08:16 PM

Mint 12, I did a fresh install of Apache 2.2 from the software manager.

Joshua Russo 01-08-2012 08:18 PM

There is also an apache2.conf that looks like this:

#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "foo.log"
# with ServerRoot set to "/etc/apache2" will be interpreted by the
# server as "/etc/apache2/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include all the user configurations:
Include httpd.conf

# Include ports listing
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/

T3RM1NVT0R 01-08-2012 08:32 PM

That's a bit confusing because at first I thought you would be running on CentOS or Fedora. Anyway, that shouldn't matter in your case.

As you said that you get error 403 when you have configured it as follows:

Alias /bellnetwork/dev/static /home/josh/Dev/bell_network_stuff/git/dev/static_test
<Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test>
Order Allow,Deny
Allow from all
</Directory>

Which user and group have you given access to static_test? As I can read from the last post, you have given it explicitly on static_test but not at the top level. If not, then how will the user get access to subdirectories?

Joshua Russo 01-08-2012 08:47 PM

I was just using my user. I had opened read and execute to everyone on that folder.

drwxr-xr-x 13 root josh 4096 2012-01-08 19:18 static_test

The folder is part of a website I'm developing. All I want is to have a local url that hosts the static files (the remainder is a Django project). I had it working and then reloaded the system and I'm not sure what I'm missing this time around.

What's the best way to go about doing what I want to do?

T3RM1NVT0R 01-08-2012 09:00 PM

Alright. Let me get this straight. You have got a directory /home/josh/Dev/bell_network_stuff/git/dev/static_test which contains files of the website that you are developing. Right?

You want a local link to this directory so that you can test how your website looks. Is that what you are looking for?

If that is the case, then you have to give access to this location to the same user and group that have access to /var/www. Obviously this is your home directory, so you cannot use chmod -R to give the apache user and group access. However, you can use the setfacl command to provide them access. An easier way would be copying your dev directory under /var/www/, if possible.

Joshua Russo 01-08-2012 09:11 PM

Ya, that's about it, though I will need to modify the css, javascript, and images and I'd like to keep it all grouped together. I don't understand how I had it working before.

T3RM1NVT0R 01-08-2012 09:20 PM

You said that you had this working before. Did you make any changes recently to the system after which it stopped working?

Joshua Russo 01-08-2012 09:59 PM

Ya, I formatted and re-installed everything. I wanted a fresh start.

For the acl command, should I need to apply it from the home directory, or can I just do it on the static_test directory?

Joshua Russo 01-09-2012 09:41 AM

There must be some way to do this. All of the alias examples in the Apache docs use home: http://httpd.apache.org/docs/2.0/urlmapping.html

T3RM1NVT0R 01-09-2012 04:41 PM

In the link that you have posted I do not see any example in which the author has used home. I will try to duplicate the way you want it to be but can't promise how soon I can, as it will depend on my schedule.

I have seen people setting up an alias for directories but not for one which is under their home directory. Because the user is the owner of his home, I doubt it will work without configuring acl.

Let me see if there is some alternate way to get this done.

Joshua Russo 01-09-2012 05:39 PM

I was looking at the example
ScriptAliasMatch ^/~([a-zA-Z0-9]+)/cgi-bin/(.+) /home/$1/cgi-bin/$2

Joshua Russo 01-09-2012 07:51 PM

Ok, I found a solution, and thank you because it was via the setfacl command you suggested. I had tried it previously but I was using the wrong user.

sudo setfacl -R -m g:www-data:rx /home/josh/Dev

What I don't understand is why I had to apply it so far up the path. Do you know why it worked at the Dev level but not static_test, or some other directory deeper in the path?

T3RM1NVT0R 01-10-2012 12:38 PM

You're welcome.

Great that you got it working. Please mark the thread as solved.

To answer your query I need to know the acl for /home/josh. You can find that using the following command:

Code:

getfacl /home/josh

The reason I am asking for this information is that it appears to me that earlier you set up the acl only at the /home/josh level but did not perform it recursively. Then you set up the acl at /home/josh/Dev/bell_network_stuff/git/dev/static_test, which didn't work because the user was not able to get into /home/josh/Dev itself, so how could it reach so deep in the path?

I will be able to say for sure if I know how acl is set on /home/josh

Joshua Russo 01-10-2012 06:08 PM

This is interesting. My initial attempt using setfacl was with root, that's why those entries are there.

# file: home/josh
# owner: josh
# group: josh
user::rwx
user:root:r-x
group::r-x
group:root:r-x
mask::r-x
other::r-x


# file: home/josh/Dev
# owner: josh
# group: josh
user::rwx
user:root:r-x
group::---
group:root:r-x
group:www-data:r-x
mask::r-x
other::---

What do the empty group and other entries with no permissions mean for home/josh/Dev?
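
The question above can be worked through from the two getfacl listings in this thread. The following is an added example, not code from any poster: it applies the POSIX ACL access-check order to those listings for a process in the www-data group. `DEV_BEFORE` is a constructed state (the posted ACL minus the `group:www-data` entry) and the function names are hypothetical.

```python
# Added example; ACL text copied from the getfacl output posted in this thread.
HOME_JOSH = """# file: home/josh
# owner: josh
# group: josh
user::rwx
user:root:r-x
group::r-x
group:root:r-x
mask::r-x
other::r-x"""
DEV_AFTER = """# file: home/josh/Dev
# owner: josh
# group: josh
user::rwx
user:root:r-x
group::---
group:root:r-x
group:www-data:r-x
mask::r-x
other::---"""
# Constructed "before" state: the same ACL without the entry setfacl added.
DEV_BEFORE = DEV_AFTER.replace("group:www-data:r-x\n", "")

def parse_getfacl(text):
    """Return (header dict, [(tag, qualifier, perms_set), ...]) for one getfacl block."""
    head = [l[1:].partition(":") for l in text.splitlines() if l.startswith("#")]
    body = [l.split(":") for l in text.splitlines() if not l.startswith("#")]
    meta = {k.strip(): v.strip() for k, _, v in head}
    return meta, [(t, q, set(p) - {"-"}) for t, q, p in body]

def allowed(acl_text, user, groups, want):
    """First matching class decides; named and group entries are limited by mask."""
    meta, entries = parse_getfacl(acl_text)
    find = lambda tag, qual: [p for t, q, p in entries if (t, q) == (tag, qual)]
    want, mask = set(want), (find("mask", "") or [set("rwx")])[0]
    if user == meta["owner"]:
        return want <= find("user", "")[0]
    if find("user", user):
        return want <= find("user", user)[0] & mask
    matched = [p for g in groups for p in find("group", g)]
    matched += find("group", "") if meta["group"] in groups else []
    if matched:  # a matching group entry never falls through to "other"
        return any(want <= p & mask for p in matched)
    return want <= find("other", "")[0]

def first_blocked(path_acls, user, groups):
    """Name the first directory on the path the user cannot search (x), or None."""
    return next((n for n, a in path_acls if not allowed(a, user, groups, "x")), None)
```

`group::---` and `other::---` mean the owning group and everyone else have no access to `Dev`, so the www-data process could not search that directory until the named `group:www-data` entry was added, and an ACL on `static_test` alone could not help. Since only search (`x`) is needed on the directories above the content, a non-recursive `--x` entry on each ancestor plus `r-x` on `static_test` would expose less of the home directory than `-R` from `Dev`.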


All times are GMT -5.