LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-07-2006, 12:45 PM   #1
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Rep: Reputation: 0
Mixing up permissions - hellinux


Hi!
Obviously all what I am doing now is a host of mistakes (both in Linux Fedora and English ). Can somebody tell me the right way (mostly for Linux)?

I have installed Apache virtual host using (for the first time) a path like /home/virtual/mysite/public_html
for html files. Apache worked nicely and I saw index page at mysite.com. Then I decided to add a new user 'mysite' and to set up ftp for the site.
When I got /home/mysite home directory I just copied /home/virtual/mysite/public_html folder to it.

And I found that all the files in /home/mysite/public_html were marked as root property so I couldn`t ftp upload, delete, chmod, etc!
(my first question - how can root copy files to a home folder of user so that the user could use them?)

Ok, I changed the folder owner: chown -R mysite /home/mysite

After that I was able to upload all the html files to public_html folder.
But now when I try to reach the site I am getting error message:
"""""""""""""""""""""""""""""
You don't have permission to access /index.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
"""""""""""""""""""""""""""""
I found that permissions were set to 600 and changed them being a root: chmod -R 644 /home/mysite/

I see the same error message at present but now ftp does not work and I cannot even login as mysite to /home/mysite directory!
While it is inaccessible for mysite user, still I see on the midnight commander chown page: owner - mysite, group - mysite, permissions 644. All the files inside this folder set 644 as well and belong to mysite and group 'mysite' , only /home/mysite/public_html has owner - mysite, group - root and I cannot change group in the latter case!

My second question: what the hell is going on? why mysite folder isn`t a home folder of mysite anymore?
Thanks in advance

Last edited by xrender; 05-07-2006 at 01:05 PM.
 
Old 05-07-2006, 02:59 PM   #2
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
To simplify -
I added new user mysite2. Logged as this user I made public_html and index.html inside, I didn`t use ftp at all. I configured httpd.conf like this:

<VirtualHost xxx.xxx.xx.xx>
ServerName mysite.com
ServerAdmin webmaster@mysite.com
DocumentRoot /home/mysite2/public_html
ErrorLog /home/mysite2/logs/error_log
CustomLog /home/mysite2/logs/access_log common
</VirtualHost>

Site doesn`t work
"""""""""""""""""""""""""""""
You don't have permission to access /index.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
"""""""""""""""""""""""""""""

On the contrary, when I am root and create /home/virtual/mysite/public_html folder with index.html in it and configure httpd like this:

<VirtualHost xxx.xxx.xx.xx>
ServerName mysite.com
ServerAdmin webmaster@mysite.com
DocumentRoot /home/virtual/mysite/public_html
ErrorLog /home/virtual/mysite/logs/error_log
CustomLog /home/virtual/mysite/logs/access_log common
</VirtualHost>

- it works.

what is wrong with first variant?
 
Old 05-07-2006, 04:07 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
The user apache runs as (usually apache or www) needs to have permission to read the Web site files. usually home directories are set up owned by the user whose home directory it is and with 700 permissions, meaning Apache won't be able to see files inside the home directory. You need to make sure that the entire path /home/mysite2/public_html is readable to Apache.
 
Old 05-07-2006, 06:03 PM   #4
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
thank you for your reply

Actually, I set /home directory as apache group
and set 640 permissions
No luck.

I found out that my problem is not that rare:

https://secure.experts-exchange.com/...qid%3D21249234

Quote:
The problem you are expericneing is not a problem as such but ratrher a feature of FC3 called Security enhanced linux.

Try this

ls -Z /dir/where/www/root/will/be

chcon -R -h -t httpd_sys_content_t /dir/where/www/root/will/be

ls -Z /dir/where/www/root/will/be

It will prob be a good idea to turn selinux on again in the /etc/sysconfig/selinux conf file as it makes it so much more secure.

Hope this helps
 
Old 05-07-2006, 06:11 PM   #5
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
But even this did not help

I have good sys_content and apache group and 640 permissions for whole /home (by the way, is it secure?), but virtual host doesn`t work.

I also disabled SElinux, unfortunately I cannot reboot now, without ticket.

Any ideas what I do wrong?
 
Old 05-07-2006, 06:14 PM   #6
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
There is a hint that another solution could exist

http://www.experts-exchange.com/Oper..._21249234.html

One need to pay $$ to know it
 
Old 05-07-2006, 06:29 PM   #7
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
Finally when I set 770 permissions for /home I got site working.
But I guess it`s unsecure. Is there more elegant solution. I need to keep html documents in home dirs so that users could upload using vsftpd.

Will kindly appreciate any idea.
 
Old 05-07-2006, 06:42 PM   #8
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
After chmod 770 /home - - - I cannot ssh as 'mysite' or ftp connect to my /home/mysite. This Linux is a real nuts
 
Old 05-07-2006, 11:16 PM   #9
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 50
Quote:
Originally Posted by xrender
Finally when I set 770 permissions for /home I got site working.
But I guess it`s unsecure. Is there more elegant solution. I need to keep html documents in home dirs so that users could upload using vsftpd.

Will kindly appreciate any idea.
So first of all you should read about how permissions works for directories. A directory WILL NOT WORK WITHOUT EXECUTE PERMISSION. It is execute permission that allows access to a directory; read permission (which allows listing of the directory) and write permission (which allows creating & deletion of files) are less important. Typically directories are given 755 or 711 permissions.
 
Old 05-08-2006, 05:15 AM   #10
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
spooon, thanks for info about 711.
Do you know, how to rewert my mistake:
Quote:
chgrp -R apache /home
?
New users don`t have access to their own directories, while their permissions are ok. For example, user 'eldo' cannot access his home dir /home/eldo despite the fact that /home/eldo belongs to user eldo and group eldo.

Quote:
[root home]# su eldo
bash: /home/eldo/.bashrc: Permission denied
bash-3.00$
when I try to login:
Quote:
Could not chdir to home directory /home/eldo: Permission denied
-bash: /home/eldo/.bash_profile: Permission denied
-bash-3.00$
I tried
Quote:
chgrp -R root /home
same result when I create a new user - no access to home dir

Quote:
Originally Posted by btmiller
You need to make sure that the entire path /home/mysite2/public_html is readable to Apache.
Obviously, I did it wrong.
Could you tell what is a right way?

Last edited by xrender; 05-08-2006 at 05:38 AM.
 
Old 05-08-2006, 01:37 PM   #11
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
OK
thanks for your attention ,
The solution was root root 755 for /home dir.
As for Apache, it is sufficient to set 711 for dirs and 644 for html/php files.

BTW, can somebody tell how to set stuff uploading with certain permissions - say, 644 for files and 755 for folders?
 
Old 05-08-2006, 01:52 PM   #12
saitoshi
LQ Newbie
 
Registered: Oct 2004
Location: Canada
Distribution: Kubuntu
Posts: 20

Rep: Reputation: 0
Quote:
Originally Posted by xrender
OK
thanks for your attention ,
The solution was root root 755 for /home dir.
As for Apache, it is sufficient to set 711 for dirs and 644 for html/php files.

BTW, can somebody tell how to set stuff uploading with certain permissions - say, 644 for files and 755 for folders?
Hmmm. I'm not sure about doing it via FTP, but with an HTTP upload using PHP, I'm sure you must already know about using the chmod function built into PHP right? Ignore this if it's not applicable. I am a newb after all.

Edit: I figure it is safe to clarify just in case. I'm talking about uploading via a PHP script and trying to chmod the dir to something like 777 or whatnot and then reverting it once the file is uploaded. Probably really really un-secure though.

Last edited by saitoshi; 05-08-2006 at 01:54 PM.
 
Old 05-09-2006, 06:22 AM   #13
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
Actually, PHP is a great thing, but I meant if one can set up the ftp server so that all files and folders were attributed some default permissions upon ftp-uploading. I am a real novice and possibly asking about evident things. I saw many examples of virtualhosts provided by hosting providers where the files get 644 and the folders 755 automatically. I am using vsftpd - could it be that one should use more advanced ftp server?
 
Old 05-09-2006, 06:28 AM   #14
saitoshi
LQ Newbie
 
Registered: Oct 2004
Location: Canada
Distribution: Kubuntu
Posts: 20

Rep: Reputation: 0
Well, when it comes to FTP software, I'm likly as clueless (or even more clueless) as you, but have you tried finding out what software your examples use?
 
Old 05-12-2006, 07:13 AM   #15
xrender
LQ Newbie
 
Registered: May 2006
Posts: 15

Original Poster
Rep: Reputation: 0
Finally, there are two misleading things in vsftpd:

first, the file_open_mode option is not included into the default config file and the default is 0666.

MAN PAGE http://vsftpd.beasts.org/vsftpd_conf.html
Quote:
file_open_mode
The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.


Second, the default local_umask in the vsftpd.conf file is local_umask=022 or 077. Not very nicely if to believe that
Quote:
If you want to specify octal values, remember the "0" prefix otherwise the value will be treated as a base 10 integer
. So there should be 4 digits. For example, local_umask=0022.

Last edited by xrender; 05-12-2006 at 07:15 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sound mixing Four Linux - Newbie 2 12-26-2005 06:48 PM
Mixing videos ETeria Linux - Software 2 11-26-2003 09:00 PM
autogen: mixing C and C++ microtim Linux - Software 0 10-25-2003 11:20 AM
sound mixing how??? onix Slackware 2 05-03-2003 07:49 PM
Mixing C and C++ Cruelpeace Programming 1 02-01-2003 11:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration