LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-23-2006, 06:28 PM   #1
jon23d
Member
 
Registered: May 2006
Location: Kennewick, WA - USA
Distribution: Ubuntu
Posts: 129

Rep: Reputation: 15
Apache returns 403 on file with correct permissions


Good afternoon,

This is my first post here and I want to thank you in advance for reading this and providing any advice you may have!

I have a new install and am setting up apache, mysql, and phpMyAdmin. I have changed the group for the www and all subdirectories to 'web'. I have left the permissions untouched.

Every file I take out of the phpMyAdmin archive has this same problem, so I have reduced it to one file to demonstrate.

The file is named Documentation.html, and per the instructions contained in it I have extracted the file to the document root [ /var/www/html ].

I have created a test file called test.html in the same directory which works just fine. At this point my ls -l shows:

-rw-r--r-- 1 jon23d jon23d 192655 May 12 09:31 Documentation.html
-rw-rw-r-- 1 jon23d jon23d 59 May 23 16:01 test.html

When I try to view documentation.html through apache I am returned a 403.

When I change the permissions to be the exact same as test.html I recieve the same problem. jon23d is a member of the web group which owns /var/www & /var/www/html.

Next I copied Documentation.html to test2.html. I changed no permissions at all. Apache allows me to view this file just fine.... Help!
 
Old 05-23-2006, 07:38 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
The problem isn't the permissions, but the file's SELinux context. You probably moved Documentation.html into the /var/www/html directory, maintaining its (incorrect) context. When you copied the file, the newly created file inherited the (correct) directory context.

You can see this with 'ls -Z' on the files in question. What you probably need to do is:

chcon -t httpd_sys_content_t /var/www/html/Documentation.html

Documentation on SELinux is here, assuming you are using the current FC5.
 
Old 05-23-2006, 08:30 PM   #3
jon23d
Member
 
Registered: May 2006
Location: Kennewick, WA - USA
Distribution: Ubuntu
Posts: 129

Original Poster
Rep: Reputation: 15
Thanks Macemoneta,

While what I read was still rather confusing - it did fix the problem. I believe that I understand now that this is a second layer of security enabled system-wide on a per-program basis. Are you aware of a way to ensure that the correct context is set automatically when I unzip a file in the future?

Thanks again!
 
Old 05-23-2006, 08:34 PM   #4
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 332Reputation: 332Reputation: 332Reputation: 332
If you create a file in a directory, it will inherit that directories context. So if you unzip a file in /var/www/html, it has the appropriate permissions for a file served by apache. For example, if you have a new version of Document.html in /home/someuser/document.zip, then:

cd /var/www/html
unzip /home/someuser/document.zip

This will create the file in the directory, and it will have the correct context. Alternatively, you can just set the context manually with chcon.
 
Old 05-23-2006, 08:54 PM   #5
jon23d
Member
 
Registered: May 2006
Location: Kennewick, WA - USA
Distribution: Ubuntu
Posts: 129

Original Poster
Rep: Reputation: 15
After a little experimenting I discovered that unzipping directly into the directory will only work if I first copy the file from the CD to that folder. I cannot extract directly from the disk or from another folder. Thanks again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache returns 'Forbidden 403' for phpMyAdmin Notwerk Linux - Software 1 01-24-2006 02:04 AM
APACHE Problem 2 dirs, identical permissions and security contexts, one gives 403? tones Linux - Software 2 03-13-2005 08:45 AM
Apache 403 Permissions Boffy Linux - Networking 9 08-21-2004 11:36 AM
Vsftpd changes file permissions....how to correct? 88guy Linux - Software 1 05-25-2004 05:17 PM
giving apache the correct permissions dflorence Linux - Newbie 3 11-06-2003 08:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration