LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-21-2003, 05:37 PM   #1
Drogo
Member
 
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215

Rep: Reputation: 30
Angry Apache 2.0.40 and document path


Im running RH9 and the default page is in /var/www/html and i will like to change it to ex: /home/user/www/ but it wont let me.

ive tryied everything


i change the document path and cgi path but im getting an 403 error message. im not sure if it has to do with permissions. Im also using SSL and ive heard that ssl and vhost dont like eachother........help please
 
Old 06-21-2003, 05:48 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
error 403 is forbidden, so most likely you didn't change the permissions. Usually by default for user's home directories, only they have read/write access, so if you didn't change the permissions on the directory your setting your default root directory for, then well, you need to change it accordingly.

man chmod

AFAIK, you can't use SSL for any of the virtual hosts.. but for the main server configuration you can still use it.. not totally positive on that one off top of my head though.
 
Old 06-21-2003, 05:54 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
The files must be readable (executeable for directories and scripts) by the user the server runs as. Look at the User and Group directives in httpd.conf

I usually leavethe files owned by the user who maintains them and chgrp the files to the user that the server runs as.
 
Old 06-21-2003, 07:47 PM   #4
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
 
Old 06-21-2003, 08:30 PM   #5
Drogo
Member
 
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215

Original Poster
Rep: Reputation: 30
Well i almost got it ......one thing im missing
when i do a

http://localhost it goes to the new dir /home/user/www/

but if a do https://localhost

is still reading from old dir /var/www/html/ Why?

what im missing?
 
Old 06-21-2003, 11:32 PM   #6
Drogo
Member
 
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215

Original Poster
Rep: Reputation: 30
anyone?
 
Old 06-21-2003, 11:50 PM   #7
Drogo
Member
 
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215

Original Poster
Rep: Reputation: 30
Talking

Never mind , i got it ...........i had to make some changes on the ssl.conf file
 
Old 06-22-2003, 06:56 AM   #8
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Quote:
Originally posted by cyph3r7
actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
Actually - your wrong.

The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
 
Old 06-22-2003, 09:09 AM   #9
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
Quote:
Originally posted by david_ross
Actually - your wrong.

The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
Before you make such definative staements friend be sure you are accurate....

Here is my setup and ooops look at that....it works like a champ Why? Becuase a webserver MUST be accessable globally by everyone. Now yes all the moving parts for apache, meaning executables must be able to be run by the owner APACHE however we are not discussing that. As far as CGI's go, hello they are executables that will need to be run globally also. CGI's are your responsibility to make sure they don't do something stupid.

Now check out my setup at home. I run about 30 production sites in a similar fashion for a fortune 50.

drwxr-xr-x 3 ftpuser ftp 4096 Jun 7 12:07 web1
drwxr-xr-x 2 apache apache 4096 Apr 23 09:33 web2

[root@webserver1 web1]# ls -l
total 9212
-rw-r--r-- 1 ftpuser ftp 15 Jun 7 12:07 index.html
-rw-r--r-- 1 ftpuser ftp 2216539 Apr 25 12:15 sawmill6.4.5_x86_linux.tar.gz
drwxr-xr-x 2 root root 4096 May 7 07:48 ssh

[root@webserver1 web2]# ls -l
total 4
-rw-r--r-- 1 apache apache 15 Apr 23 09:33 index.html

Note dir web1 does NOT have any referrence to the user apache and it works fine. Web2 does and it works too. All about the global read persmission for the group everyone.

As for the security threat of CGI's if you are gonna use then you better be prepared. they must be in a dir that has global execute for the group everyone or they will not work. When a user hits your site they do not hit it as the user of your apache server, meaning they do not read your pages or cgi's as the user apache. If they did that would be a HUGE security issue. SSI's well they are a different creature....server side....
 
Old 06-22-2003, 09:21 AM   #10
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
I am 100% acurate. I split the bullseye into pieces with one arrow. I couldn't be more sure. I do this for a living.

I'm not saying that it won't work if you use the all user bit since the webserver must afterall run as a user. What I am saying is that you DON'T need your files to be readable by all.

For the sake of argument here is a test process I went through to prove it:
Code:
[root@boycie root]# vi /var/www/html/test.html
<HTML>
<HEAD>
<TITLE>Hello World!</TITLE>
</HEAD>
<BODY>
<H1>Hello World!</H1>
</BODY>
</HTML>
~
~

"/var/www/html/test.html" [New] 9L, 96C written
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r--r--    1 root     root           96 Jun 22 13:43 /var/www/html/test.html
[root@boycie root]# chmod 640 /var/www/html/test.html
[root@boycie root]# chgrp apache /var/www/html/test.html
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r-----    1 root     apache         96 Jun 22 13:43 /var/www/html/test.html
Now when I vist "http://boycie/test.html" surprise surprise I get a page that said "Hello World!"

Last edited by david_ross; 06-22-2003 at 09:23 AM.
 
Old 06-27-2003, 10:48 AM   #11
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
yes what you are saying is correct but not for what he wants to do. It looked like his request was to have pages readable from a users home directory. I don't think you would want your users in the apache group for security reasons.

In his case he should define a user in his/her own group and give "r" to everyone.

Looks like we were bickering semantics.....

Was a good education for non-apache aficionados
 
Old 06-27-2003, 11:05 AM   #12
Qwik
LQ Newbie
 
Registered: Jun 2003
Location: Austin, Texas
Distribution: Gentoo
Posts: 27

Rep: Reputation: 15
i learned some :P
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache path and kde path questions darkraider Debian 1 11-12-2005 06:07 AM
Apache 2: won't allow document root to be changed, plus more QtCoder Linux - Networking 1 11-06-2004 05:44 PM
Apache: Document Not Found error voyciz Linux - Software 3 06-17-2004 05:51 AM
Document Root in Apache Hal Linux - Newbie 2 10-28-2003 07:10 AM
Apache Document Root Path bowen Linux - General 8 11-29-2002 03:13 AM


All times are GMT -5. The time now is 08:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration