LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-03-2011, 08:32 AM   #1
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Rep: Reputation: 0
Certain websites are "Forbiden" on my Fedora 13 server.


Hi everyone,

I have a Fedora 13 box setup to serve webpages for our company's intranet and Nagios 3.2.3.

I just recovered from failed upgrade by doing a fresh install and restoring the files that I backed up before doing the update, yeah for planning this...

Ok after restoring the backup I re-installed apache, php, mysql, nagios and a few other software.

So I have everything setup. Made the proxy to go through our firewall, disabled SeLinux (nothing can come in the server unless requested).

Now the problem.

Most of the webpages are working, I have a Joomla install that works without a itch. But others are "Forbiden" including Nagios.

Here's nagios.conf from /etc/httpd/conf.d/
You'll see it's the standard install...
Code:
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
Since this is a restore made over a USB key from the backup I had on my Windows computer the ownership and access rights are probably not set the right way...

So I'm wondering what owner and access should I put on htpasswd.users?

I had root, then I tried nagios and apache... No go.

Also access was setup as 0755.
Tried 0644 and 600... No go either...

In /usr/local/nagios/share/ all files are set to 0644 owner Nagios. All directories are 0755 owner Nagios.

I'm sure I'm missing something really stupid but I can't figure it out.

Last edited by MichelCote; 03-03-2011 at 08:37 AM.
 
Old 03-03-2011, 08:55 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
According to my htpasswd.users, permissions are set to 644 and owned by root:root

Let me know if that helps man,

Josh
 
Old 03-03-2011, 09:25 AM   #3
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Thanks for the reply.

Made root:root and 0644 on the file but still no go.

Restarted httpd just for good measure too still no go.

Maybe it's something else then.

Is it possible that, even if SELinux is disabled, that some SELinux setting would prevent the file from being available?

I remember from the Nagios quick install there's these commands which I may have executed...
Quote:
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/

chcon -R -t httpd_sys_content_t /usr/local/nagios/share/
Could it be something like this?
If so how would I reverse this?

Thanks for any replies and advices.

Last edited by MichelCote; 03-03-2011 at 09:27 AM.
 
Old 03-03-2011, 09:32 AM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
SELinux has its own database; With it disabled, those commands are useless, therefore you wouldn't need to reverse anything.

Can I ask what all is being forbidden and their locations?
 
Old 03-03-2011, 09:58 AM   #5
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Hi,

Code:
Forbidden You don't have permission to access /nagios/ on this server.
  Apache/2.2.17 (Fedora) Server at localhost Port 80
On localhost, whether I use "localhost" or the domain name of the machine it replies the same.

On a remote computer (Win XP / Firefox) same thing when I use domain name or server IP.

I also have the same if I try to reach other pages in the nagios/share directory.

I also have the same "forbiden" maessage with another alias to "/map" that points to /home/nagios/share (not the Nagios directory) doesn't ask for a password and those pages should display a map of the Nagios results, plus others "info" pages.

/home/nagios/share/ and subdirs and files are owned by apache:apache and are set 0755 / 0644 as usual...

Thanks again for any replies.

EDIT ---

Nagios is set to /usr/local/nagios/ as per the default install...

Last edited by MichelCote; 03-03-2011 at 10:54 AM.
 
Old 03-03-2011, 11:32 AM   #6
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Something really doesn't sound right, especially since you said that all directories are chmod'd to 755. Can you verify all permissions and user and group ownerships? Also to add to that... On my web server, I have everything owned as root. Maybe something is being owned other than root? Hope some of this helps out man,

Josh
 
Old 03-03-2011, 12:46 PM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
Blog Entries: 1

Rep: Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070
Hi,

Make sure that /usr/local/nagios permissions are also 755. Better run
Code:
chmod -R 755 /usr/local/nagios
just to be sure.
For apache to serve pages from a directory without a 403 error, all directories above the intended one must be also 755.

Regards
 
Old 03-03-2011, 01:07 PM   #8
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Quote:
Originally Posted by bathory View Post
Hi,

Make sure that /usr/local/nagios permissions are also 755. Better run
Code:
chmod -R 755 /usr/local/nagios
just to be sure.
For apache to serve pages from a directory without a 403 error, all directories above the intended one must be also 755.

Regards
You read my mind, that was going to be my next step to chmod everything.
 
Old 03-03-2011, 01:21 PM   #9
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Hey,

bathory you are the man!

I executed chmod -R 755 /usr/local/nagios and now my server will allows the pages to go through...

I'm pretty sure I had them "chmoded" to 755 though but is there a difference between chmod 0755 and chmod 755? That might have been my mistake...

Thanks a bunch to you two.
 
Old 03-03-2011, 01:54 PM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
Blog Entries: 1

Rep: Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070
Glad to see it worked.
FYI, there is no difference between 0755 and 755, so I guess it was /usr/local/nagios that had no execute attributes.
Anyway, you can restore the default file attributes (as they don't need to be executable, except in the sbin directory) by running:
Code:
find /usr/local/nagios -type f -exec chmod 644 {} \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} \;
Regards
 
Old 03-04-2011, 07:03 AM   #11
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Glad to see it worked.
FYI, there is no difference between 0755 and 755, so I guess it was /usr/local/nagios that had no execute attributes.
Anyway, you can restore the default file attributes (as they don't need to be executable, except in the sbin directory) by running:
Code:
find /usr/local/nagios -type f -exec chmod 644 {} \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} \;
Regards
Thanks bathory,

I think you made a small omission in your code above but that's good since it forced me to research it

It needed a + sign after {} for each commands...

Code:
find /usr/local/nagios -type f -exec chmod 644 {} + \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} + \;
 
Old 03-04-2011, 07:20 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
Blog Entries: 1

Rep: Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070
Nah, the code is correct.
The only mistake I've made is when I told you to run chmod with the "-R" switch, so everything under /usr/local/nagios changed permissions. I meant that you should run "chmod 755 usr/local/nagios".

Cheers
 
Old 03-04-2011, 09:05 AM   #13
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Hi,

Odd... first time I exec'ed that code it gave me an error that -exec was missing an argument.

But I used the code again and it worked.

Should I also keep files in /usr/local/nagios/libexec and/usr/local/nagios/libexec/evenhandlers as 755 too?

If I may ask what does the / stand for then?

Thanks a whole bunch for your help and guidance

-- EDIT --

I had to put the files in libexec back to 755, you should have seen the christmas tree I got on my Nagios result display screen... I have a 32 inch screen that everyone in the IT department can look at, it shows if any of our 700 stores has a internet connection faillure (by pinging the routers)... Normally we have 3 green bars saying that we do not have any outages for less then 30 minutes, between 30 minutes and a day and for more then a day...

Let's just say that pretty much all our store's numbers were in red in the "less then 30 minutes" category... 700 stores is a lot of scrolling...

I had to appease the worried techs letting them know it was only a glitch... Now everything is back to green now...

Last edited by MichelCote; 03-04-2011 at 09:17 AM.
 
Old 03-04-2011, 09:18 AM   #14
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
Blog Entries: 1

Rep: Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070Reputation: 2070
Quote:
Should I also keep files in /usr/local/nagios/libexec and/usr/local/nagios/libexec/evenhandlers as 755 too?
Yes, they should also be executable

Quote:
If I may ask what does the / stand for then?
What /? If you mean the \ before the ending semicolon ";", it's there just to escape the ";"

Regards

Last edited by bathory; 03-04-2011 at 04:47 PM.
 
Old 03-04-2011, 09:38 AM   #15
MichelCote
LQ Newbie
 
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Yes, they should also be executable


What /? If you mean the \ before the ending semicolon ";", it's there just to escape the ";"

Regards
Yeah I meant \...

Sorry I'm a bit distracted this morning.

Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora Core 2: Screen Resolution can not change from "800X600" to "1024X 768" suhaimi_sj Fedora - Installation 18 12-17-2009 04:29 AM
Logged in as "root"/Fedora 8 but get "Operation not permitted" when using "chmod etc gosunlee Linux - Newbie 7 02-10-2008 06:56 AM
Fedora 8: Internet connection is faster in "XP" than in "Fedora 8" why. Suggestions.. mahesh_infinity Linux - General 1 12-09-2007 01:06 PM
Porting to Fedora gcc 4.0 -parsing backward slash("\") comma(",") code_blew Programming 1 04-26-2006 05:07 PM
difference between "Web server local URL" and "IPv4 address"? kpachopoulos Linux - General 2 09-17-2004 02:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration