Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-01-2002, 02:07 PM
|
#1
|
LQ Newbie
Registered: Nov 2002
Distribution: Mandrake
Posts: 10
Rep:
|
Apache 403 error with Mandrake 9.0
Well, here's the situation:
I installed Mandrake Linux 9.0 with Apache. I've made sure Apache group is part of my ~user groups, I've chmod the files in the user directory to be read by all.
And, when serving webpages from the root (/var/www/html) Apache serves them up just fine.
However, when trying to access a user directory (in this case (as example) http://www.website.com/~user) I get the 403 forbidden error.
I've tried adding the following to commonhttpd.conf:
<Directory /home/user>
Options -All -Multiview
AllowOverride All
Order allow,deny
Allow from all
</Directory>
to no avail. Also tried changing the Directory to /home/~user to no avail.
I'm running in runlevel 3, with little mods from the installation (if any).
Any ideas?
|
|
|
12-02-2002, 03:03 PM
|
#2
|
Member
Registered: Oct 2002
Location: I-Town, NY
Distribution: Debian, Slackware
Posts: 130
Rep:
|
Skywolf,
What does your UserDir statement look like? Something like this?
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
Whatever directory name this statement specifies, create a directory under the user's home (ex: /home/user/public_html) and serve your web files from there. Don't forget to restart apache first!
|
|
|
12-03-2002, 04:06 PM
|
#3
|
LQ Newbie
Registered: Nov 2002
Location: Texas
Distribution: Redhat Linux 8.0
Posts: 18
Rep:
|
Here is a update..
I replaced my httpd.conf with the one you sent... However, Still no luck with jsevy ( http://192.168.0.3/~jsevy
just for poops and giggles, I created a new user... joey.. and made my public_html and the damn thing worked.,..
I tried my ~jsevy and no luck.. still error 403.. I acutally even put the public_html and the index.html as chmod 777
Suggestions?
|
|
|
12-03-2002, 04:18 PM
|
#4
|
Member
Registered: Oct 2002
Location: I-Town, NY
Distribution: Debian, Slackware
Posts: 130
Rep:
|
Strange that one user is working and not the other...
From your first post, it looks like you've spent some time mucking with /home/jsevy in commonhttpd.conf. If you did anything that apache doesn't like, your 403 is explained. Did you back up your configuration files before editing them?
|
|
|
12-03-2002, 09:54 PM
|
#5
|
LQ Newbie
Registered: Nov 2002
Location: Texas
Distribution: Redhat Linux 8.0
Posts: 18
Rep:
|
Of Course not... one thing I am courios about... is there a setting to not display the directory's contents if index.html is not present?
JS
|
|
|
12-04-2002, 09:05 AM
|
#6
|
LQ Newbie
Registered: Nov 2002
Distribution: Mandrake
Posts: 10
Original Poster
Rep:
|
UserDir
Actually, my userdir doesn't have anything in it... I wasn't going to leave it that way, but, since I couldn't get it to work in the first place, I never changed it.
I'm using a symbolic link from /var/www/html and that seems to work, but I know that's not the correct way .
-S
|
|
|
12-11-2002, 10:30 AM
|
#7
|
LQ Newbie
Registered: Nov 2002
Distribution: Mandrake
Posts: 10
Original Poster
Rep:
|
MSEC
Okay, I know this thread was getting old, but I looked at my security log:
msec, a Mandrake distribution program, is, hourly, changing the permissions of the home/user directory. When it changes the permissions (to 700 I think) Apache is unable to access it.
So, for those with Mandrake and Apache issues: Check msec.
|
|
|
04-21-2003, 08:53 AM
|
#8
|
LQ Newbie
Registered: Apr 2003
Location: ME
Distribution: Mandrake
Posts: 1
Rep:
|
I was having the same problems in M9.0 and after reading this thread, I finally realized where my problem was:
SSL was ON and I was 403'ing on each call to the webpage. After I thought of this, I checked https://page and viola, there it was sitting there. Turned SSL off on the virtual host in webmin and it loaded perfectly under a normal call.
So, thanks in a roundabout way
|
|
|
07-11-2003, 03:23 PM
|
#9
|
LQ Newbie
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4
Rep:
|
just had the same problem.. thought I shared my solution
Just had the same problem and found this posting trough google (hurray for google! ) and I thought I'd share my solution with you all.
The reply about msec setting the permissions to /home/* (i.e. all the user-directories in the home dir) was completely correct. This does prevents Apache from reaching the public_html dirs in those home directories.
Just chmodding all the homedirs doesn't really help, because msec will convert them back to permissionlevel 700 every x minutes. To let msec set another permissionlevel, check the perm.<mseclevel you're using> in the /usr/share/msec directory (for example, if you're on msec level 4, you need to check perm.4). If you open that file, you'll find a whole list of directories and files, with the values for user and group names and permissionlevels which msec will set every now and then. Just change the permissionlevel of /home/* to 755 and Apache can do it's magic on it again.
If someone knows a better permlevel then 755, be my guest. I haven't been able to make it work under a more strict permlevel.
|
|
|
07-15-2003, 05:32 AM
|
#10
|
LQ Newbie
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4
Rep:
|
another update about my solution.
chmodding all the home directories to 755 doesn't seem very secure, 'cause all the users on that machine can read all files of eachothers homedirectory. Permissionlevel 751 does enable apache to reach the folder (as public_html is worldreadable). But I think it's more secure to assign the homedirectories to a specific group where apps who need to get into homedirs (like apache) can be assigned to, and set the homedirs themself to 750 permission again.
any comment on this?
|
|
|
07-15-2003, 07:30 AM
|
#11
|
LQ Newbie
Registered: Jul 2003
Posts: 1
Rep:
|
Better permission level
The home directories only need to be 711 - apache needs execute permissions only
Cheers for the pointer on where to find the msec "perm" settings - that was doing my head in for a while!
Peace,
Dan
|
|
|
07-15-2003, 07:46 AM
|
#12
|
LQ Newbie
Registered: Jul 2003
Distribution: Mandrake Linux 9.1
Posts: 4
Rep:
|
giving world-execution rights to the homedirs does enable apache to access them, but it also allows all other users to 'traverse' other peoples homedirectories.
For example:
my homedir contains the directories
public_html (for my website) and
documents
If another user knows or guesses the name of my documents directory, he/she/it can easily do a cd /home/kman_2nd/documents to access my personal docs. This is because, at least on my machine, all directories made by my user have world-read and world-execute permissions by default.
Don't know how to change this... anyone has an idea?
|
|
|
All times are GMT -5. The time now is 11:34 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|