LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-25-2004, 07:04 AM   #1
AMMullan
Member
 
Registered: Sep 2003
Location: United Kingdom
Distribution: Ubuntu, Arch
Posts: 438

Rep: Reputation: 30
Apache user directory permissions


Hey all

Just getting my webserver up and running and thought i'd setup the user directories (so i can do testing before putting it on live)... But when I go to see these pages i get a 403 (Permission Denied)....

The rest of Apache/PHP is working fine, juust not the user directories...

Does anyone know how to fix this? (oh BTW i'm using Apache 2.0.48)
 
Old 03-25-2004, 07:59 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 256Reputation: 256Reputation: 256
Do you have any files in the directories at all? Usually it will deny file indexing by default so you'll need a default index file in there, or just place something like this in your httpd.conf file:

Code:
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
You don't necessarily need all of that, but it might give you an idea of what to put, etc.
 
Old 03-25-2004, 12:40 PM   #3
AMMullan
Member
 
Registered: Sep 2003
Location: United Kingdom
Distribution: Ubuntu, Arch
Posts: 438

Original Poster
Rep: Reputation: 30
K well I tried that but it still doesn't let me get to it... I also tried changing permissions to full read/write on the directory but that didn't work either...

Any other ideas?
 
Old 03-25-2004, 12:45 PM   #4
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 256Reputation: 256Reputation: 256
Quote:
Originally posted by AMMullan
K well I tried that but it still doesn't let me get to it... I also tried changing permissions to full read/write on the directory but that didn't work either...

Any other ideas?
And you do have an index.html file in the directory? And after making your changes to httpd.conf, you retarted apache afterwards?
 
Old 03-25-2004, 12:47 PM   #5
AMMullan
Member
 
Registered: Sep 2003
Location: United Kingdom
Distribution: Ubuntu, Arch
Posts: 438

Original Poster
Rep: Reputation: 30
Yeah it's an exact copy of my website... and yes I restarted apache
 
Old 03-25-2004, 02:21 PM   #6
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 256Reputation: 256Reputation: 256
Well, the only other thing I can think of with a 403 permission denied is that you didn't change the permissions on your files, directories, etc that you wanted accessed from apache.
 
Old 03-25-2004, 02:30 PM   #7
AMMullan
Member
 
Registered: Sep 2003
Location: United Kingdom
Distribution: Ubuntu, Arch
Posts: 438

Original Poster
Rep: Reputation: 30
Yeah I did... I did a chmod -R 644 /home/ammullan/public_html (and even tried 777)....

Hmmmm this is what I have in my httpd.conf to do with UserDir:

========================================================
UserDir public_html

# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
=========================================================

I've never been able to get this going - on either RH9 or FC1... Dunno if there's something missing in the conf but from what I see it should work (have setup Apache servers for highschools in the past and they worked fine)....

Thanks for the help trickykid
 
Old 03-25-2004, 02:33 PM   #8
spoody_goon
Member
 
Registered: Sep 2003
Location: Michigan USA
Distribution: Mandrake, DamnSmallLinux, VectorLinux
Posts: 416

Rep: Reputation: 30
trickykid don't AMMullan have to edit host. etc/host as well?
If they are using named server like this

127.0.0.2 mysite www.mysite.com

Last edited by spoody_goon; 03-25-2004 at 02:35 PM.
 
Old 12-22-2004, 08:39 AM   #9
Danathar
Member
 
Registered: Jul 2004
Posts: 34

Rep: Reputation: 15
I came across your post looking for the same answer and found out that it has to do with selinux extentions.

type "setenforce 0"

value = 1 to re-enable it. Add the command somewhere on startup.

Fixed it for me.

-Doug



Quote:
Originally posted by AMMullan
Yeah I did... I did a chmod -R 644 /home/ammullan/public_html (and even tried 777)....

Hmmmm this is what I have in my httpd.conf to do with UserDir:

========================================================
UserDir public_html

# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
=========================================================

I've never been able to get this going - on either RH9 or FC1... Dunno if there's something missing in the conf but from what I see it should work (have setup Apache servers for highschools in the past and they worked fine)....

Thanks for the help trickykid
 
Old 12-22-2004, 10:07 AM   #10
Lleb_KCir
Senior Member
 
Registered: Nov 2003
Location: Orlando FL
Distribution: Debian
Posts: 1,765

Rep: Reputation: 45
chmod -R 755 /path/to/www/directory

you need 755 permissions for the public to view your web page, that also includes LAN only web pages.
 
Old 12-22-2004, 11:23 AM   #11
Danathar
Member
 
Registered: Jul 2004
Posts: 34

Rep: Reputation: 15
Quote:
Originally posted by Lleb_KCir
chmod -R 755 /path/to/www/directory

you need 755 permissions for the public to view your web page, that also includes LAN only web pages.
I had already done that. Actually my first post was a bit overkill. AFter you set up the permissions correctly like you said above you need to set up selinux so that it's accessable. Disabling selinux really should not be the way to fix the problem. The folling command is what you would use for this circumstance.

chcon -R -h -t httpd_sys_content_t /home/<your home directory>/public_html

Then after using the -Z switch on ls you can see that the public_html directory has rights for httpd

rwxr-xr-x danathar danathar user_u:object_r:httpd_sys_content_t public_html

-Doug B
 
Old 12-23-2004, 01:56 AM   #12
Lleb_KCir
Senior Member
 
Registered: Nov 2003
Location: Orlando FL
Distribution: Debian
Posts: 1,765

Rep: Reputation: 45
ok do you need to do all of that if you are behind a firewall?

on my web server i chown root:user the www directory (i put all of the web domains in that directory) and adjusted the permissions appropriatly. i am not running selinux just a whitebox3 fully patched as of about 5min from now (except the kernel) not running iptables or selinux. (ok make that as of now, just finished the yum update program program...)

is there a need to do the extra steps you have listed there on a system like that? yes it is an extrenal hardware firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing a directory with different user permissions archangel77 Linux - Newbie 1 08-07-2005 09:15 AM
[SOLVED] Apache log directory permissions gypsy_rabbi Linux - Security 2 10-09-2004 06:31 PM
home directory permissions get reset periodically, preventing use of apache UserDir rennard Linux - Security 2 08-03-2004 07:21 PM
Restricting user directory permissions britishnemesis Linux - Security 1 11-17-2003 06:10 AM
permissions question... can I make a directory writable from my user account hindenbergbaby Linux - Newbie 9 10-20-2003 04:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration