LinuxQuestions.org - [SOLVED] 403 problem: OpenSuse 11 with Apache 2.2

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - 403 problem: OpenSuse 11 with Apache 2.2 (https://www.linuxquestions.org/questions/linux-newbie-8/403-problem-opensuse-11-with-apache-2-2-a-761164/)

403 problem: OpenSuse 11 with Apache 2.2

Hi!

I am new to this Forum and new to Linux, and am enjoying the superb performance of this OS.

I have installed all packages needed for a LAMP server and configured the settings for Apache as far as I know how, but I still get a 403 when trying to access ANYTHING on the server, except http://server/manual, which gives me the Apache Manual.

/etc/apache2/httpd.conf :

Code:

Include /etc/apache2/uid.conf

Include /etc/apache2/server-tuning.conf

ErrorLog /var/log/apache2/error_log

Include /etc/apache2/sysconfig.d/loadmodule.conf

Include /etc/apache2/listen.conf

Include /etc/apache2/mod_log_config.conf

Include /etc/apache2/sysconfig.d/global.conf

Include /etc/apache2/mod_status.conf

Include /etc/apache2/mod_info.conf

Include /etc/apache2/mod_usertrack.conf

Include /etc/apache2/mod_autoindex-defaults.conf

TypesConfig /etc/apache2/mime.types

DefaultType text/plain

Include /etc/apache2/mod_mime-defaults.conf

Include /etc/apache2/errors.conf

Include /etc/apache2/ssl-global.conf



<Directory />

    Options None

    Order deny,allow

    Deny from all

    

</Directory>



AccessFileName .htaccess



<Files ~ "^\.ht">

    Order allow,deny

    Deny from all

</Files>



DirectoryIndex index.php index.html index.html.var



Include /etc/apache2/default-server.conf

Include /etc/apache2/sysconfig.d/include.conf

Include /etc/apache2/vhosts.d/*.conf

/etc/apache2/default-server.conf

Code:

DocumentRoot /srv/www/htdocs



<Directory "/srv/www/htdocs">

        Options None

        AllowOverride None

        Order allow,deny

        Allow from all

</Directory>



Alias /icons/ "/usr/share/apache2/icons/"



<Directory "/usr/share/apache2/icons">

 Options Indexes MultiViews

 AllowOverride None

 Order allow,deny

 Allow from all

</Directory>



ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"



<Directory "/srv/www/cgi-bin">

 AllowOverride None

 Options +ExecCGI -Includes

 Order allow,deny

 Allow from all

</Directory>



<IfModule mod_userdir.c>

UserDir public_html

Include /etc/apache2/mod_userdir.conf

</IfModule>



Include /etc/apache2/conf.d/*.conf



Include /etc/apache2/conf.d/apache2-manual?conf

ServerName

ServerAdmin

/etc/sysconfig/apache2 :

Code:

APACHE_CONF_INCLUDE_FILES=""

APACHE_CONF_INCLUDE_DIRS=""

APACHE_MODULES="suexec authz_host actions alias auth_basic authz_groupfile authn_file authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif status asis imagemap ssl php5 authz_default"

APACHE_SERVER_FLAGS="SSL"

APACHE_HTTPD_CONF=""

APACHE_MPM=""

APACHE_SERVERADMIN=""

APACHE_SERVERNAME=""

APACHE_START_TIMEOUT="2"

APACHE_SERVERSIGNATURE="on"

APACHE_LOGLEVEL="warn"

APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"

APACHE_USE_CANONICAL_NAME="off"

APACHE_SERVERTOKENS="OS"

APACHE_EXTENDED_STATUS="off"

APACHE_BUFFERED_LOGS="off"

APACHE_TIMEOUT="300"

Hi and welcome to LQ

Check the apache error.log to see why you get this error.
Make sure you have an index.html in /srv/www/htdocs and also that this directory has the execute bit on:

Code:

chmod +x /srv/www/htdocs

Regards

'index.php' exists, and should work because:

Code:

DirectoryIndex index.php index.html index.html.var

I have set all permissions to 755, but when running

Code:

chmod +x -v /srv/www/htdocs

changes to 775, which means the group went from r-x to rwx ... why?

But still the problem persists. Here are the logs:

error_log

Code:

[Mon Jul 14 10:11:58 2008] [crit] [client 10.0.0.10] (13)Permission denied: /srv/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

access_log

Code:

10.0.0.10 - - [14/Jul/2008:10:11:58 +0200] "GET / HTTP/1.1" 403 1033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1"

There is no .htaccess file, but do I really need it? The permissions ought to work according to httpd.conf and default-server.conf, right?

Regards

No, you don't need it (unless you do). It sounds like the file may exist in that location -- check with:

Code:

# file /srv/www/.htaccess

If it's there, delete it.

-------

Failing that, try changing your directive to the following:

Code:

AccessFileName .foomyfoo

Then restart Apache. Now does it work? If not, what messages do you see in the error log?

Quote:

Originally Posted by fmr (Post 3715715)

I have set all permissions to 755, but when running

Code:

chmod +x -v /srv/www/htdocs

changes to 775, which means the group went from r-x to rwx ... why?

Because that's what you told it to do, or didn't undo its prior state? Maybe it would be better to specify which of user, group and others you want the changes to apply to:

Code:

# chmod u+rwx,g+rx-w,o-rwx filename

Or something like that, based on your specific needs. And:

Code:

$ man chmod

This:

Code:

cd /srv/www

find -name .htaccess

returns nothing, and

Code:

file /srv/www/htdocs/.htaccess

returns the error "No such file or directory", as I expected.

I removed the AccessFileName directive, and restarted Apache ... no difference.
I changed the directive to:

Code:

AccessFileName .foobar

and restarted ... no difference

The error-log now states:

Code:

[Tue Jul 15 04:08:56 2008] [crit] [client 10.0.0.10] (13)Permission denied: /srv/www/.foobar pcfg_openfile: unable to check htaccess file, ensure it is readable

I then created an empty .foobar file in /srv/www, and did:

Code:

chmod 775 -v /srv/www/.foobar

It changed to rwxrwxr-x as expected.

The exact same error message appears in error_log when trying to load the page.

BTW:

Quote:

fmr: "changes to 775, which means the group went from r-x to rwx ... why?"
lutusp: "Because that's what you told it to do, or didn't undo its prior state?"

I told it to add the eXecute right, not the Write right. The x right was present (r-x or 5), and the w right was added (now rwx or 7), which puzzles me. I have used chmod before, so i did not go and read the manual as you suggested, but that is not important

Something definitely seems screwy. OTOH, you have a lot of Includes in place, and we're not sure what those configs are doing.

Next round:

Code:

#AccessFileName .htaccess

#

#<Files ~ "^\.ht">

#    Order allow,deny

#    Deny from all

#</Files>

Restart Apache and try again...

The AccessFileName default will be .htaccess anyway, but I'm curious to see what happens.

-------

I thought of one more thing. Add this to your Directory '/' config:

Code:

<Directory />

    Options None

    AllowOverride None

    Order deny,allow

    Deny from all

    

</Directory>

One more thing: you say requests to http//your.host/manual work. So what is in:

Code:

Include /etc/apache2/conf.d/apache2-manual?conf

All the include statements came with the Apache installation. I just removed all comments for readability. The only other document containing the <Document> tag is default-server.conf (available in my first post), as far as I know.

Commenting out the <files> part does nothing different, same error_log output. (The comment above that part said that it only prevents people from accessing those files through the website).

Using:

Code:

AllowOverride None

I get:

Code:

[Tue Jul 15 08:36:02 2008] [error] [client 10.0.0.10] (13)Permission denied: access to / denied

which is different.

Looking at apache2-manual.conf:

Code:

AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/apache2/manual$1"



<Directory "/usr/share/apache2/manual">

    Options Indexes

    AllowOverride None

    Order allow,deny

    Allow from all



    <Files *.html>

        SetHandler type-map

    </Files>



    SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1

    RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2

</Directory>

I understand everything here except Options, AllowOverride and SetHandler.

Bottom line: still not working.

Sorry this is taking so long, but frankly the config supplied by your distro is a mess. (Just my grouchy opinion.)

Here's one for you: do you have an index.html file in your DocumentRoot (/srv/www/htdocs)??

Try:

Code:

chown -R wwwrun:users /srv/www

chmod -R 755 /srv/www

If apache is running under a different user/group use those in the 1st command instead of wwwrun/users.

Quote:

(13)Permission denied: /srv/www/.htaccess pcfg_openfile:
(13)Permission denied: /srv/www/.foobar pcfg_openfile:

Why is it looking for .htaccess (or whatever the AccessfileName is), in /srv/www and not /srv/www/htdocs?
Check those *.conf files to see if there is another definition of DocumentRoot to be /srv/www.

Quote:

Originally Posted by bathory

Aha, good idea. That's very possible. And that scenario even passes an apachectl -t syntax check, unfortunately.

Quote:

Originally Posted by bathory

Try:

Code:

chown -R wwwrun:users /srv/www

Do you really think he should be changing ownership to the user Apache is running as? That seems dangerous. The permissions changes alone should be enough.

@anomie

Quote:

Do you really think he should be changing ownership to the user Apache is running as? That seems dangerous. The permissions changes alone should be enough.

I don't think it's dangerous, as I guess this is the original DocumentRoot and the OP has changed it to /srv/www/htdocs.

Regards

Quote:

Here's one for you: do you have an index.html file in your DocumentRoot (/srv/www/htdocs)??

I have both index.html and index.php in /srv/www/htdocs. Note that index.php is listed before index.html in the DocumentRoot directive.

Quote:

If apache is running under a different user/group use those in the 1st command instead of wwwrun/users.

I presume that apache is running as root. I installed it through yast, and it starts automatically when booting. the entire /srv/www directory and all its subdirectories and files are 775 (rwxrwxr-x).

I cannot find another definitions of DocumentRoot, so I still have the problem.

apache is not running as root in most cases. It starts with root privileges so it can bind on port 80 and then drops to the user/group defined by the respective directives (User and Group). Reading Suse documentation for apache, it looks like it run as wwwrun/users, so make sure that the whole /srv/www path is owned and readable/executable by that user/group.