Im running RH9 and the default page is in /var/www/html and i will like to change it to ex: /home/user/www/ but it wont let me.

ive tryied everything


i change the document path and cgi path but im getting an 403 error message. im not sure if it has to do with permissions. Im also using SSL and ive heard that ssl and vhost dont like eachother........help please

error 403 is forbidden, so most likely you didn't change the permissions. Usually by default for user's home directories, only they have read/write access, so if you didn't change the permissions on the directory your setting your default root directory for, then well, you need to change it accordingly.

man chmod

AFAIK, you can't use SSL for any of the virtual hosts.. but for the main server configuration you can still use it.. not totally positive on that one off top of my head though.

The files must be readable (executeable for directories and scripts) by the user the server runs as. Look at the User and Group directives in httpd.conf

I usually leavethe files owned by the user who maintains them and chgrp the files to the user that the server runs as.

actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".

Well i almost got it ......one thing im missing
when i do a

http://localhost it goes to the new dir /home/user/www/

but if a do https://localhost

is still reading from old dir /var/www/html/ Why?

what im missing?

anyone?

Never mind , i got it ...........i had to make some changes on the ssl.conf file

Actually - your wrong.

The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.

Before you make such definative staements friend be sure you are accurate....

Here is my setup and ooops look at that....it works like a champ Why? Becuase a webserver MUST be accessable globally by everyone. Now yes all the moving parts for apache, meaning executables must be able to be run by the owner APACHE however we are not discussing that. As far as CGI's go, hello they are executables that will need to be run globally also. CGI's are your responsibility to make sure they don't do something stupid.

Now check out my setup at home. I run about 30 production sites in a similar fashion for a fortune 50.

drwxr-xr-x 3 ftpuser ftp 4096 Jun 7 12:07 web1
drwxr-xr-x 2 apache apache 4096 Apr 23 09:33 web2

[root@webserver1 web1]# ls -l
total 9212
-rw-r--r-- 1 ftpuser ftp 15 Jun 7 12:07 index.html
-rw-r--r-- 1 ftpuser ftp 2216539 Apr 25 12:15 sawmill6.4.5_x86_linux.tar.gz
drwxr-xr-x 2 root root 4096 May 7 07:48 ssh

[root@webserver1 web2]# ls -l
total 4
-rw-r--r-- 1 apache apache 15 Apr 23 09:33 index.html

Note dir web1 does NOT have any referrence to the user apache and it works fine. Web2 does and it works too. All about the global read persmission for the group everyone.

As for the security threat of CGI's if you are gonna use then you better be prepared. they must be in a dir that has global execute for the group everyone or they will not work. When a user hits your site they do not hit it as the user of your apache server, meaning they do not read your pages or cgi's as the user apache. If they did that would be a HUGE security issue. SSI's well they are a different creature....server side....

I am 100% acurate. I split the bullseye into pieces with one arrow. I couldn't be more sure. I do this for a living.

I'm not saying that it won't work if you use the all user bit since the webserver must afterall run as a user. What I am saying is that you DON'T need your files to be readable by all.

For the sake of argument here is a test process I went through to prove it:Now when I vist "http://boycie/test.html" surprise surprise I get a page that said "Hello World!"

yes what you are saying is correct but not for what he wants to do. It looked like his request was to have pages readable from a users home directory. I don't think you would want your users in the apache group for security reasons.

In his case he should define a user in his/her own group and give "r" to everyone.

Looks like we were bickering semantics.....

Was a good education for non-apache aficionados

i learned some :P