Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-03-2011, 10:19 AM
|
#1
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Rep:
|
apache permission errors
Hello all,
I know that this issue comes up time and time again however I have tried everything I can think of and followed every guide to no avail.
I have enabled apache userdir's like so:
(/etc/httpd/conf/httpd.conf)
Code:
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory "/home/sharedusers/*/public_html">
# order allow,deny
# allow from all
#</Directory>
<Directory /home/sharedusers/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
This is my directory structure:
Code:
[root@donkey ~]# ls -ltr /home/sharedusers/home/sh_test/ -R
/home/sharedusers/home/sh_test/:
total 8
drwxr-xr-x 4 sh_test apache 4096 May 3 15:25 Maildir
drwx--x--x 2 sh_test apache 4096 May 3 15:55 public_html
/home/sharedusers/home/sh_test/Maildir:
total 8
drwxr-xr-x 2 sh_test apache 4096 May 3 15:25 new
drwxr-xr-x 2 sh_test apache 4096 May 3 15:25 cur
/home/sharedusers/home/sh_test/Maildir/new:
total 0
/home/sharedusers/home/sh_test/Maildir/cur:
total 0
/home/sharedusers/home/sh_test/public_html:
total 4
-rwx--x--x 1 sh_test apache 207 May 3 15:55 index.html
[root@donkey ~]#
SELinux:
Code:
[root@donkey ~]# /usr/sbin/setsebool -P httpd_read_user_content on
setsebool: SELinux is disabled.
[root@donkey ~]#
Groups:
Code:
[root@donkey ~]# cat /etc/group | grep sh_test
apache:x:48:root,trscookie,sh_test
ssh:x:5003:trscookie,trssimon,sh_test
[root@donkey ~]#
HTTP:
Code:
Forbidden
You don't have permission to access /~sh_test/ on this server.
Apache/2.2.3 (CentOS) Server at xx.xx.xx.48 Port 80
Does anybody have any more ideas?
Many many thanks in advance,
trscookie.
|
|
|
05-03-2011, 11:20 AM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,204
|
Wrong permissions for index page:
Quote:
/home/sharedusers/home/sh_test/public_html:
total 4
-rwx--x--x 1 sh_test apache 207 May 3 15:55 index.html
|
It should be 644 (-rw-r--r--)
Regards
|
|
|
05-03-2011, 11:26 AM
|
#3
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
Thanks for the reply, I have tried this however it still isnt working :'(:
Code:
[root@donkey public_html]# chmod 644 index.html
[root@donkey public_html]# ll
total 4
-rw-r--r-- 1 sh_test apache 207 May 3 15:55 index.html
[root@donkey public_html]# ll
|
|
|
05-03-2011, 11:41 AM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,204
|
Clear your browser cache and try again
|
|
|
05-03-2011, 11:42 AM
|
#5
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
...still same error
|
|
|
05-03-2011, 12:00 PM
|
#6
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
Apache conf:
Code:
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
Include sites/*.conf
User apache
Group apache
ServerAdmin admin@mydomain.com
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
<Directory /home/sharedusers/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost xx.xx.xx.48:80
|
|
|
05-03-2011, 12:00 PM
|
#7
|
Senior Member
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,460
|
Anything in the logs?
sudo tail /var/log/apache2/error.log
|
|
|
05-03-2011, 12:03 PM
|
#8
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
these are the errors:
Code:
[root@donkey public_html]# tail /var/log/httpd/error_log
[Tue May 03 17:48:26 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:26 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:26 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:26 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:27 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:27 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:27 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:27 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:28 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 17:48:28 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
|
|
|
05-03-2011, 12:07 PM
|
#9
|
Senior Member
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,460
|
Isn't this incorrect? I think only the owner can read the directory.
drwx--x--x 2 sh_test apache 4096 May 3 15:55 public_html
chmod it 755.
|
|
|
05-03-2011, 12:14 PM
|
#10
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
Still no joy I'm afraid :'(, I have tried changing the user and changing the permissions, as below:
Code:
[root@donkey home]# chmod 755 -R sh_test/
.bash_history .bash_logout .bash_profile .bashrc Maildir/ public_html/ .viminfo
[root@donkey home]# chmod 755 -R sh_test/public_html/
[root@donkey home]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for donkey
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@donkey home]# chmod 644 sh_test/public_html/index.html
[root@donkey home]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for donkey
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@donkey home]# chown apache.apache -R sh_test/public_html/
[root@donkey home]# chown sh_test -R sh_test/public_html/
[root@donkey home]# ls -ltr sh_test/
total 8
drwxr-xr-x 4 sh_test apache 4096 May 3 15:25 Maildir
drwxr-xr-x 2 sh_test apache 4096 May 3 15:55 public_html
[root@donkey home]# tail /var/log/httpd/error_log
[Tue May 03 18:11:01 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Tue May 03 18:11:37 2011] [notice] caught SIGTERM, shutting down
[Tue May 03 18:11:37 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 03 18:11:37 2011] [notice] Digest: generating secret for digest authentication ...
[Tue May 03 18:11:37 2011] [notice] Digest: done
[Tue May 03 18:11:37 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Tue May 03 18:11:42 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 18:11:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/trscookie/mysite/robots.txt
[Tue May 03 18:11:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/trscookie/mysite/robots.txt
[Tue May 03 18:12:04 2011] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /~sh_test/ denied
|
|
|
05-03-2011, 12:24 PM
|
#11
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,204
|
Oups, I've now noticed that you use a different homedir tree (/home/sharedusers/home/sh_test instead of /home/sh_test)
For this to work you need to use DirectoryMatch
Code:
<DirectoryMatch /home(.*)/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</DirectoryMatch>
or use explicitly <Directory /home/sharedusers/home/*/public_html>
|
|
|
05-03-2011, 12:43 PM
|
#12
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
Oh dear, still no joy im afraid! I just dont understand it! I have tried:
Code:
<Directory /home/sharedusers/home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
and
Code:
<DirectoryMatch /home(.*)/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</DirectoryMatch>
Log:
Code:
[root@donkey home]# tail /var/log/httpd/error_log
[Tue May 03 18:31:55 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /~sh_test/public_html denied
[Tue May 03 18:31:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 18:31:59 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /~sh_test/ denied
[Tue May 03 18:31:59 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /~sh_test/ denied
Code:
http://xx.xx.xx.xx/~sh_test/
Forbidden
You don't have permission to access /~sh_test/ on this server.
Apache/2.2.3 (CentOS) Server at xx.xx.xx.xx Port 80
|
|
|
05-03-2011, 12:59 PM
|
#13
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,204
|
OK, start from / and list the permissions of all folders:
Code:
ls -ld /
ls -ld /home
ls -ld /home/sharedusers
ls -ld /home/sharedusers/home
ls -ld /home/sharedusers/home/sh_test
ls -ld /home/sharedusers/home/sh_test/public_html
All directories must be 755 and the files inside public_html 644 (at least)
Last edited by bathory; 05-03-2011 at 01:01 PM.
|
|
1 members found this post helpful.
|
05-03-2011, 01:03 PM
|
#14
|
Member
Registered: Apr 2004
Location: oxford
Distribution: gentoo
Posts: 463
Original Poster
Rep:
|
WOOOOO, thanks it was 755 on /home/sharedusers/home/sh_test that has sorted it! Thanks
Code:
[root@donkey home]# ls -ld /home/sharedusers/home/sh_test
drwxr-xr-x 4 sh_test apache 4096 May 3 16:24 /home/sharedusers/home/sh_test
[root@donkey home]#
|
|
|
All times are GMT -5. The time now is 10:22 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|