Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have virtual hosts set up with the following on an apache server, running CentOS 4.4.
Code:
# get the server name from the Host: header
UseCanonicalName Off
# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon
# include the server name in the filenames used to satisfy requests
VirtualDocumentRoot /var/www/html/%0/docs
VirtualScriptAlias /var/www/html/%0/cgi-bin
This works well, however i want the DocumentRoot to be on a diffrent partition, with the mount point /www
Partition is fine however when i change the code to this:
Code:
# include the server name in the filenames used to satisfy requests
VirtualDocumentRoot /www/%0/docs
VirtualScriptAlias /www/%0/cgi-bin
there is a problem! The web browser always shows:
Quote:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Can anyone tell me where im going wrong???? - Thanks
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
Well, you can either 'chmod a+rX -R' the directory, so it will be readable to everybody, or 'chown -R ' it, but then you will have to know apache username (it can be found in httpd.conf). If you want, you can read manual for chmod, chown, chgrp and usermod and make a directory that belongs to root, has group apache (or nogroup - you can name it as you wish), that group has httpd pseudo user as member, and permissions are 'a-w o-r g+r'. That way neither making apache misbehave allows modifications nor other means of getting local user rights allow reading the files, which is a bit better from security point of view (surely, applying critical security patches in time is much better anyway).
Ok, have played around with that a little and this is what i have know.
The partition /www cannot be alter by any user other than root:
drwxr-xr-x 7 root root 4096 Jan 2 23:03 www
I like this as there will be lots of uses folder in there, and i odviously dont want them to able to create there own, or delet others! If i place a folder in /www/ and chown it so the user owns it then they can eddit it them selves. However apache still throughs back this error to the web browser:
Quote:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
If i chown the whole thing to apache:apache it makes no diffrence! (the apache user is deffinatly apache). If i do: 'chmod a+rX -R /www it makes no diffrence' ... So the permisions at the moment i genuraly like. Everyone can eddit there own file but no one elses, but i still need apache to be able to reed the contents of all the files! HELP!!!!!
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
OK. Please find and post all sections inside <Directory> tags in httpd.conf and included sites. Maybe it will be so that /var/www/html is governed by any of them (which allows all access), and /www not.
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
At my place of work we use RHeL running apache2 and all of our vhost's root folders need to be in the apache group. Then all the folders inside can be owned by the user.
This is on my actual shared server:
Code:
-bash-3.00$ ls -la | grep analext
drwxr-x--- 10 analextc apache 4096 Nov 2 16:42 analextc
-bash-3.00$
FYI my friends at work already made fun of my username, I didn't do it the damned setup script did!
sorry, the 265 is not in it! tried taking out the / and still no diffrent....
When i try to start the service i get the folowing error:
Starting httpd: Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
How can it not be a directory?
Not sure, but have you actually created the 'www' folder in the very root of the server? If not, the error is coming from the directory 'www' not existing in the topmost root of the server at all. I'm betting if you login as root and go to /www it won't be there, until you create the directory.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.