Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-03-2011, 08:32 AM
|
#1
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Rep:
|
Certain websites are "Forbiden" on my Fedora 13 server.
Hi everyone,
I have a Fedora 13 box setup to serve webpages for our company's intranet and Nagios 3.2.3.
I just recovered from failed upgrade by doing a fresh install and restoring the files that I backed up before doing the update, yeah for planning this...
Ok after restoring the backup I re-installed apache, php, mysql, nagios and a few other software.
So I have everything setup. Made the proxy to go through our firewall, disabled SeLinux (nothing can come in the server unless requested).
Now the problem.
Most of the webpages are working, I have a Joomla install that works without a itch. But others are "Forbiden" including Nagios.
Here's nagios.conf from /etc/httpd/conf.d/
You'll see it's the standard install...
Code:
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Since this is a restore made over a USB key from the backup I had on my Windows computer the ownership and access rights are probably not set the right way...
So I'm wondering what owner and access should I put on htpasswd.users?
I had root, then I tried nagios and apache... No go.
Also access was setup as 0755.
Tried 0644 and 600... No go either...
In /usr/local/nagios/share/ all files are set to 0644 owner Nagios. All directories are 0755 owner Nagios.
I'm sure I'm missing something really stupid but I can't figure it out.
Last edited by MichelCote; 03-03-2011 at 08:37 AM.
|
|
|
03-03-2011, 08:55 AM
|
#2
|
LQ Guru
Registered: Apr 2005
Location: /dev/null
Posts: 5,818
|
According to my htpasswd.users, permissions are set to 644 and owned by root:root
Let me know if that helps man,
Josh
|
|
|
03-03-2011, 09:25 AM
|
#3
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Thanks for the reply.
Made root:root and 0644 on the file but still no go.
Restarted httpd just for good measure too still no go.
Maybe it's something else then.
Is it possible that, even if SELinux is disabled, that some SELinux setting would prevent the file from being available?
I remember from the Nagios quick install there's these commands which I may have executed...
Quote:
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/
|
Could it be something like this?
If so how would I reverse this?
Thanks for any replies and advices.
Last edited by MichelCote; 03-03-2011 at 09:27 AM.
|
|
|
03-03-2011, 09:32 AM
|
#4
|
LQ Guru
Registered: Apr 2005
Location: /dev/null
Posts: 5,818
|
SELinux has its own database; With it disabled, those commands are useless, therefore you wouldn't need to reverse anything.
Can I ask what all is being forbidden and their locations?
|
|
|
03-03-2011, 09:58 AM
|
#5
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Hi,
Code:
Forbidden You don't have permission to access /nagios/ on this server.
Apache/2.2.17 (Fedora) Server at localhost Port 80
On localhost, whether I use "localhost" or the domain name of the machine it replies the same.
On a remote computer (Win XP / Firefox) same thing when I use domain name or server IP.
I also have the same if I try to reach other pages in the nagios/share directory.
I also have the same "forbiden" maessage with another alias to "/map" that points to /home/nagios/share (not the Nagios directory) doesn't ask for a password and those pages should display a map of the Nagios results, plus others "info" pages.
/home/nagios/share/ and subdirs and files are owned by apache:apache and are set 0755 / 0644 as usual...
Thanks again for any replies.
EDIT ---
Nagios is set to /usr/local/nagios/ as per the default install...
Last edited by MichelCote; 03-03-2011 at 10:54 AM.
|
|
|
03-03-2011, 11:32 AM
|
#6
|
LQ Guru
Registered: Apr 2005
Location: /dev/null
Posts: 5,818
|
Something really doesn't sound right, especially since you said that all directories are chmod'd to 755. Can you verify all permissions and user and group ownerships? Also to add to that... On my web server, I have everything owned as root. Maybe something is being owned other than root? Hope some of this helps out man,
Josh
|
|
|
03-03-2011, 12:46 PM
|
#7
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Hi,
Make sure that /usr/local/nagios permissions are also 755. Better run
Code:
chmod -R 755 /usr/local/nagios
just to be sure.
For apache to serve pages from a directory without a 403 error, all directories above the intended one must be also 755.
Regards
|
|
|
03-03-2011, 01:07 PM
|
#8
|
LQ Guru
Registered: Apr 2005
Location: /dev/null
Posts: 5,818
|
Quote:
Originally Posted by bathory
Hi,
Make sure that /usr/local/nagios permissions are also 755. Better run
Code:
chmod -R 755 /usr/local/nagios
just to be sure.
For apache to serve pages from a directory without a 403 error, all directories above the intended one must be also 755.
Regards
|
You read my mind, that was going to be my next step to chmod everything.
|
|
|
03-03-2011, 01:21 PM
|
#9
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Hey,
bathory you are the man!
I executed chmod -R 755 /usr/local/nagios and now my server will allows the pages to go through...
I'm pretty sure I had them "chmoded" to 755 though but is there a difference between chmod 0755 and chmod 755? That might have been my mistake...
Thanks a bunch to you two.
|
|
|
03-03-2011, 01:54 PM
|
#10
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Glad to see it worked.
FYI, there is no difference between 0755 and 755, so I guess it was /usr/local/nagios that had no execute attributes.
Anyway, you can restore the default file attributes (as they don't need to be executable, except in the sbin directory) by running:
Code:
find /usr/local/nagios -type f -exec chmod 644 {} \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} \;
Regards
|
|
|
03-04-2011, 07:03 AM
|
#11
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Glad to see it worked.
FYI, there is no difference between 0755 and 755, so I guess it was /usr/local/nagios that had no execute attributes.
Anyway, you can restore the default file attributes (as they don't need to be executable, except in the sbin directory) by running:
Code:
find /usr/local/nagios -type f -exec chmod 644 {} \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} \;
Regards
|
Thanks bathory,
I think you made a small omission in your code above but that's good since it forced me to research it
It needed a + sign after {} for each commands...
Code:
find /usr/local/nagios -type f -exec chmod 644 {} + \;
find /usr/local/nagios/sbin -type f -exec chmod 755 {} + \;
|
|
|
03-04-2011, 07:20 AM
|
#12
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Nah, the code is correct.
The only mistake I've made is when I told you to run chmod with the "-R" switch, so everything under /usr/local/nagios changed permissions. I meant that you should run "chmod 755 usr/local/nagios".
Cheers
|
|
|
03-04-2011, 09:05 AM
|
#13
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Hi,
Odd... first time I exec'ed that code it gave me an error that -exec was missing an argument.
But I used the code again and it worked.
Should I also keep files in /usr/local/nagios/libexec and/usr/local/nagios/libexec/evenhandlers as 755 too?
If I may ask what does the / stand for then?
Thanks a whole bunch for your help and guidance
-- EDIT --
I had to put the files in libexec back to 755, you should have seen the christmas tree I got on my Nagios result display screen... I have a 32 inch screen that everyone in the IT department can look at, it shows if any of our 700 stores has a internet connection faillure (by pinging the routers)... Normally we have 3 green bars saying that we do not have any outages for less then 30 minutes, between 30 minutes and a day and for more then a day...
Let's just say that pretty much all our store's numbers were in red in the "less then 30 minutes" category... 700 stores is a lot of scrolling...
I had to appease the worried techs letting them know it was only a glitch... Now everything is back to green now...
Last edited by MichelCote; 03-04-2011 at 09:17 AM.
|
|
|
03-04-2011, 09:18 AM
|
#14
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Quote:
Should I also keep files in /usr/local/nagios/libexec and/usr/local/nagios/libexec/evenhandlers as 755 too?
|
Yes, they should also be executable
Quote:
If I may ask what does the / stand for then?
|
What /? If you mean the \ before the ending semicolon ";", it's there just to escape the ";"
Regards
Last edited by bathory; 03-04-2011 at 04:47 PM.
|
|
|
03-04-2011, 09:38 AM
|
#15
|
LQ Newbie
Registered: Oct 2009
Location: Laval Québec
Distribution: CentOS 6
Posts: 20
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Yes, they should also be executable
What /? If you mean the \ before the ending semicolon ";", it's there just to escape the ";"
Regards
|
Yeah I meant \...
Sorry I'm a bit distracted this morning.
Thanks again.
|
|
|
All times are GMT -5. The time now is 07:29 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|