Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-30-2005, 08:36 AM
|
#1
|
LQ Newbie
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27
Rep:
|
Apache UserDir Problem
Hi, i'm trying to make the userdir function on Apache work, so that my users can have their website at http://mydomain/~user/
I have created a public_html directory in my home dir, but it still doesn't seem to work. I chmod-ed it to a+rx, and the contents of the dir to a+rx. The dir also contains an index.html file. When trying to surf to the dir I get the error "You don't have permission to access /~sbb on this server."
Here is the section from my httpd conf
Code:
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
Thanks in advance
SBB
|
|
|
07-30-2005, 09:05 AM
|
#2
|
Member
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225
Rep:
|
You've enabled the userDir module, but you haven't actually configured any access permissions for the /home/*/public_html directory.
See that commented out text you've pasted under the </IfModule> tag? That's some default config for the public_html directory. Uncommenting the <Directory> tags and everything in between will allow Apache to access /home/*/public_html directory (i.e. the public_html directory in the users home dir) with the default permissions that are installed on your system.
Cheers,
Steve
|
|
|
07-30-2005, 09:34 AM
|
#3
|
LQ Newbie
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27
Original Poster
Rep:
|
I uncommented the section and it still doesn't work! Same error as before...
|
|
|
07-30-2005, 02:16 PM
|
#4
|
Member
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225
Rep:
|
What about the permissions on your home directory?
Some operating systems set these to rw for owner, or owner and group only, but as it says in the extract you posted, ~ will need permissions of 0711 to allow the user that apache runs as to be able to access the public_html directory.
|
|
|
07-30-2005, 06:24 PM
|
#5
|
LQ Newbie
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27
Original Poster
Rep:
|
Sorry, I'm confused by "0711"
|
|
|
07-30-2005, 09:19 PM
|
#6
|
Member
Registered: Mar 2004
Location: /planet/earth
Posts: 110
Rep:
|
if permissions are not 711 in user home directory apache will not be able to read the files. You can try :
# chmod 711 /home/* -fr
(as root)
|
|
|
07-31-2005, 01:56 AM
|
#7
|
Member
Registered: Jul 2005
Location: Ab Ca
Distribution: Redhat EL Sun Mac OSX FC 3.0 & 4.0
Posts: 44
Rep:
|
Do you have selinux enabled? Check /var/log/messages for entries like...
Jul 26 12:25:50 server kernel: audit(1122402350.937:0): avc: denied { add_name } for pid=4581 exe=/bin/ln name=liblnxfv.so.4 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:lib_t tclass=dir
If so you will have to configure your users home directories with the chcon command
eg.
Code:
chcon -t httpd_sys_content_t -R /path_to_home_directories/public_html
This is just the tip of the iceberg as far as SElinux goes
|
|
|
08-01-2005, 03:45 PM
|
#8
|
Member
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225
Rep:
|
sbb, the permissions on files and folders can be represented with numbers on a unix-based system. This is called an octal representation of the permissions.
0711 would give you rwx--x--x
Read man chmod
Cheers,
Steve
|
|
|
09-25-2005, 01:02 AM
|
#9
|
Member
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219
Rep:
|
Same problem, same distribution
I have Fedora 4 and I am having the UserDir problems. Everything else checks out. Permissions are rwxrw-rw all the way up to /home. My last point of confusion was the commented out section that is mentioned below. I uncommented it and restarted httpd with no change in behavior. Another point of confusion is the idea of giving Apache permission to search the home directories. The manual and comments make it sound like there is some other issue besides just chmod-ing the permissions. Is there some group changes that also have to be made?
What is the source of these permission denied errors?
Quote:
Forbidden
You don't have permission to access /~UserName on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
--------------------------------------------------------------------------------
Apache/2.0.54 (Fedora) Server at cubie Port 80
|
|
|
|
09-25-2005, 02:29 AM
|
#10
|
LQ Guru
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298
Rep:
|
The permissions for ~userid should be 711 and those for ~userid/public_html should be 755. If you have Selinux enable then take a look for a possible solution here.
Last edited by reddazz; 09-25-2005 at 02:37 AM.
|
|
|
09-25-2005, 03:49 PM
|
#11
|
Member
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219
Rep:
|
Quote:
Originally posted by reddazz
The permissions for ~userid should be 711 and those for ~userid/public_html should be 755. If you have Selinux enable then take a look for a possible solution here.
|
Doesn't work. I tried the following with no change in behavior:
Code:
chmod 711 /home/* -R
chmod 755 /home/userid/public_html/ -R
I tried the chmod above ...
Code:
chomd 711 /home/* -fr
and got a "mode error" for the directory I am trying to reach.
|
|
|
09-25-2005, 04:08 PM
|
#12
|
Member
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219
Rep:
|
I am noticing a few other things. If I log in as another low level user, I can't reach the file of that other low level user I am trying to reach with Apache. Konqueror shows that directory as a "Locked folder". Could some other file sharing issue be involved? Also, I have Samba installed on the same machine and use it. Could there be some interference there?
|
|
|
09-25-2005, 04:45 PM
|
#13
|
Member
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219
Rep:
|
Quote:
Originally posted by hlyrad
Do you have selinux enabled? Check /var/log/messages for entries like...
Jul 26 12:25:50 server kernel: audit(1122402350.937:0): avc: denied { add_name } for pid=4581 exe=/bin/ln name=liblnxfv.so.4 scontext=root:system_r:httpd_sys_script_t tcontext=system_ubject_r:lib_t tclass=dir
If so you will have to configure your users home directories with the chcon command
eg.
Code:
chcon -t httpd_sys_content_t -R /path_to_home_directories/public_html
This is just the tip of the iceberg as far as SElinux goes
|
Whoa! Hey, I do have selinux enabled ... I guess.
My first reading of this post goes,
"Do you have selinux? Check .... " and of course I'm thinking "No, dude, I have Fedora 4 like I said."
Yes, the command offered above makes the directory accessable. I am not looking forward to messing with selinux.
Problem improved if not solved, but closed as far as I am concerned for this thread.
|
|
|
04-10-2006, 06:29 PM
|
#14
|
Member
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219
Rep:
|
Same problems again
Once again, I am having problems with my user directories. Since this last post, I have been through a second upgrade of Fedora to Fedora Core 5 and Apache 2.2.0(Fedora). I do not use this server frequently, but I need to depend on it again and I have tried to create new users, but once again I am getting the identical errors I reported in the post above with these new users. SELinux is not enabled according to my Security Level Tool.
What could it be this time? All my user permissions are set identically and I have three older users that can be served without any problems. My HTTP error log says "(13) permission denied: Access to ... denied".
What could be the problem this time?
Any and all tips and clues would be appreciated.
|
|
|
All times are GMT -5. The time now is 02:58 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|