|
Apache 403 error with Mandrake 9.0
Well, here's the situation:
I installed Mandrake Linux 9.0 with Apache. I've made sure Apache group is part of my ~user groups, I've chmod the files in the user directory to be read by all. And, when serving webpages from the root (/var/www/html) Apache serves them up just fine. However, when trying to access a user directory (in this case (as example) http://www.website.com/~user) I get the 403 forbidden error. I've tried adding the following to commonhttpd.conf: <Directory /home/user> Options -All -Multiview AllowOverride All Order allow,deny Allow from all </Directory> to no avail. Also tried changing the Directory to /home/~user to no avail. I'm running in runlevel 3, with little mods from the installation (if any). Any ideas? |
Skywolf,
What does your UserDir statement look like? Something like this? <IfModule mod_userdir.c> UserDir public_html </IfModule> Whatever directory name this statement specifies, create a directory under the user's home (ex: /home/user/public_html) and serve your web files from there. Don't forget to restart apache first! |
Here is a update..
I replaced my httpd.conf with the one you sent... However, Still no luck with jsevy (http://192.168.0.3/~jsevy just for poops and giggles, I created a new user... joey.. and made my public_html and the damn thing worked.,.. I tried my ~jsevy and no luck.. still error 403.. I acutally even put the public_html and the index.html as chmod 777 Suggestions? |
Strange that one user is working and not the other...
From your first post, it looks like you've spent some time mucking with /home/jsevy in commonhttpd.conf. If you did anything that apache doesn't like, your 403 is explained. Did you back up your configuration files before editing them? |
Of Course not... one thing I am courios about... is there a setting to not display the directory's contents if index.html is not present?
JS |
UserDir
Actually, my userdir doesn't have anything in it... I wasn't going to leave it that way, but, since I couldn't get it to work in the first place, I never changed it.
I'm using a symbolic link from /var/www/html and that seems to work, but I know that's not the correct way :). -S |
MSEC
Okay, I know this thread was getting old, but I looked at my security log:
msec, a Mandrake distribution program, is, hourly, changing the permissions of the home/user directory. When it changes the permissions (to 700 I think) Apache is unable to access it. So, for those with Mandrake and Apache issues: Check msec. |
I was having the same problems in M9.0 and after reading this thread, I finally realized where my problem was:
SSL was ON and I was 403'ing on each call to the webpage. After I thought of this, I checked https://page and viola, there it was sitting there. Turned SSL off on the virtual host in webmin and it loaded perfectly under a normal call. So, thanks in a roundabout way :) |
just had the same problem.. thought I shared my solution
Just had the same problem and found this posting trough google (hurray for google! :) ) and I thought I'd share my solution with you all.
The reply about msec setting the permissions to /home/* (i.e. all the user-directories in the home dir) was completely correct. This does prevents Apache from reaching the public_html dirs in those home directories. Just chmodding all the homedirs doesn't really help, because msec will convert them back to permissionlevel 700 every x minutes. To let msec set another permissionlevel, check the perm.<mseclevel you're using> in the /usr/share/msec directory (for example, if you're on msec level 4, you need to check perm.4). If you open that file, you'll find a whole list of directories and files, with the values for user and group names and permissionlevels which msec will set every now and then. Just change the permissionlevel of /home/* to 755 and Apache can do it's magic on it again. If someone knows a better permlevel then 755, be my guest. I haven't been able to make it work under a more strict permlevel. |
another update about my solution.
chmodding all the home directories to 755 doesn't seem very secure, 'cause all the users on that machine can read all files of eachothers homedirectory. Permissionlevel 751 does enable apache to reach the folder (as public_html is worldreadable). But I think it's more secure to assign the homedirectories to a specific group where apps who need to get into homedirs (like apache) can be assigned to, and set the homedirs themself to 750 permission again. any comment on this? |
Better permission level
The home directories only need to be 711 - apache needs execute permissions only :p
Cheers for the pointer on where to find the msec "perm" settings - that was doing my head in for a while! Peace, Dan |
giving world-execution rights to the homedirs does enable apache to access them, but it also allows all other users to 'traverse' other peoples homedirectories.
For example: my homedir contains the directories public_html (for my website) and documents If another user knows or guesses the name of my documents directory, he/she/it can easily do a cd /home/kman_2nd/documents to access my personal docs. This is because, at least on my machine, all directories made by my user have world-read and world-execute permissions by default. Don't know how to change this... anyone has an idea? |
| All times are GMT -5. The time now is 12:18 AM. |