LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-30-2005, 08:36 AM   #1
sbb
LQ Newbie
 
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27

Rep: Reputation: 15
Apache UserDir Problem


Hi, i'm trying to make the userdir function on Apache work, so that my users can have their website at http://mydomain/~user/

I have created a public_html directory in my home dir, but it still doesn't seem to work. I chmod-ed it to a+rx, and the contents of the dir to a+rx. The dir also contains an index.html file. When trying to surf to the dir I get the error "You don't have permission to access /~sbb on this server."

Here is the section from my httpd conf

Code:
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disable" line above, and uncomment
    # the following line instead:
    #
UserDir public_html

</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#    <Limit GET POST OPTIONS>
#        Order allow,deny
#        Allow from all
#    </Limit>
#    <LimitExcept GET POST OPTIONS>
#        Order deny,allow
#        Deny from all
#    </LimitExcept>
#</Directory>
Thanks in advance
SBB
 
Old 07-30-2005, 09:05 AM   #2
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225

Rep: Reputation: 43
You've enabled the userDir module, but you haven't actually configured any access permissions for the /home/*/public_html directory.

See that commented out text you've pasted under the </IfModule> tag? That's some default config for the public_html directory. Uncommenting the <Directory> tags and everything in between will allow Apache to access /home/*/public_html directory (i.e. the public_html directory in the users home dir) with the default permissions that are installed on your system.

Cheers,

Steve
 
Old 07-30-2005, 09:34 AM   #3
sbb
LQ Newbie
 
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27

Original Poster
Rep: Reputation: 15
I uncommented the section and it still doesn't work! Same error as before...
 
Old 07-30-2005, 02:16 PM   #4
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225

Rep: Reputation: 43
What about the permissions on your home directory?

Some operating systems set these to rw for owner, or owner and group only, but as it says in the extract you posted, ~ will need permissions of 0711 to allow the user that apache runs as to be able to access the public_html directory.
 
Old 07-30-2005, 06:24 PM   #5
sbb
LQ Newbie
 
Registered: Aug 2003
Distribution: Fedora 4
Posts: 27

Original Poster
Rep: Reputation: 15
Sorry, I'm confused by "0711"

 
Old 07-30-2005, 09:19 PM   #6
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Rep: Reputation: 15
if permissions are not 711 in user home directory apache will not be able to read the files. You can try :

# chmod 711 /home/* -fr
(as root)
 
Old 07-31-2005, 01:56 AM   #7
hlyrad
Member
 
Registered: Jul 2005
Location: Ab Ca
Distribution: Redhat EL Sun Mac OSX FC 3.0 & 4.0
Posts: 44

Rep: Reputation: 15
Do you have selinux enabled? Check /var/log/messages for entries like...


Jul 26 12:25:50 server kernel: audit(1122402350.937:0): avc: denied { add_name } for pid=4581 exe=/bin/ln name=liblnxfv.so.4 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:lib_t tclass=dir


If so you will have to configure your users home directories with the chcon command
eg.
Code:
chcon -t httpd_sys_content_t -R /path_to_home_directories/public_html

This is just the tip of the iceberg as far as SElinux goes
 
Old 08-01-2005, 03:45 PM   #8
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 225

Rep: Reputation: 43
sbb, the permissions on files and folders can be represented with numbers on a unix-based system. This is called an octal representation of the permissions.

0711 would give you rwx--x--x

Read man chmod

Cheers,

Steve
 
Old 09-25-2005, 01:02 AM   #9
SparceMatrix
Member
 
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219

Rep: Reputation: 30
Same problem, same distribution

I have Fedora 4 and I am having the UserDir problems. Everything else checks out. Permissions are rwxrw-rw all the way up to /home. My last point of confusion was the commented out section that is mentioned below. I uncommented it and restarted httpd with no change in behavior. Another point of confusion is the idea of giving Apache permission to search the home directories. The manual and comments make it sound like there is some other issue besides just chmod-ing the permissions. Is there some group changes that also have to be made?

What is the source of these permission denied errors?

Quote:
Forbidden
You don't have permission to access /~UserName on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


--------------------------------------------------------------------------------

Apache/2.0.54 (Fedora) Server at cubie Port 80
 
Old 09-25-2005, 02:29 AM   #10
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
The permissions for ~userid should be 711 and those for ~userid/public_html should be 755. If you have Selinux enable then take a look for a possible solution here.

Last edited by reddazz; 09-25-2005 at 02:37 AM.
 
Old 09-25-2005, 03:49 PM   #11
SparceMatrix
Member
 
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219

Rep: Reputation: 30
Quote:
Originally posted by reddazz
The permissions for ~userid should be 711 and those for ~userid/public_html should be 755. If you have Selinux enable then take a look for a possible solution here.
Doesn't work. I tried the following with no change in behavior:

Code:
chmod 711 /home/* -R
chmod 755 /home/userid/public_html/ -R
I tried the chmod above ...

Code:
chomd 711 /home/* -fr
and got a "mode error" for the directory I am trying to reach.
 
Old 09-25-2005, 04:08 PM   #12
SparceMatrix
Member
 
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219

Rep: Reputation: 30
I am noticing a few other things. If I log in as another low level user, I can't reach the file of that other low level user I am trying to reach with Apache. Konqueror shows that directory as a "Locked folder". Could some other file sharing issue be involved? Also, I have Samba installed on the same machine and use it. Could there be some interference there?
 
Old 09-25-2005, 04:45 PM   #13
SparceMatrix
Member
 
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219

Rep: Reputation: 30
Quote:
Originally posted by hlyrad
Do you have selinux enabled? Check /var/log/messages for entries like...


Jul 26 12:25:50 server kernel: audit(1122402350.937:0): avc: denied { add_name } for pid=4581 exe=/bin/ln name=liblnxfv.so.4 scontext=root:system_r:httpd_sys_script_t tcontext=system_ubject_r:lib_t tclass=dir


If so you will have to configure your users home directories with the chcon command
eg.
Code:
chcon -t httpd_sys_content_t -R /path_to_home_directories/public_html

This is just the tip of the iceberg as far as SElinux goes
Whoa! Hey, I do have selinux enabled ... I guess.

My first reading of this post goes,

"Do you have selinux? Check .... " and of course I'm thinking "No, dude, I have Fedora 4 like I said."

Yes, the command offered above makes the directory accessable. I am not looking forward to messing with selinux.

Problem improved if not solved, but closed as far as I am concerned for this thread.
 
Old 04-10-2006, 06:29 PM   #14
SparceMatrix
Member
 
Registered: Aug 2002
Distribution: SME Server, CentOS
Posts: 219

Rep: Reputation: 30
Same problems again

Once again, I am having problems with my user directories. Since this last post, I have been through a second upgrade of Fedora to Fedora Core 5 and Apache 2.2.0(Fedora). I do not use this server frequently, but I need to depend on it again and I have tried to create new users, but once again I am getting the identical errors I reported in the post above with these new users. SELinux is not enabled according to my Security Level Tool.

What could it be this time? All my user permissions are set identically and I have three older users that can be served without any problems. My HTTP error log says "(13) permission denied: Access to ... denied".

What could be the problem this time?

Any and all tips and clues would be appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache UserDir ]SK[ Linux - Software 4 06-18-2005 12:10 PM
Apache userdir. collen Linux - Networking 1 01-28-2005 12:24 PM
apache UserDir public_html problem aeshley Linux - Newbie 4 11-29-2004 01:58 AM
Apache UserDir Abbaddon Slackware 12 09-15-2004 11:28 AM
apache UserDir public_html problem aeshley Linux - Networking 4 01-17-2002 03:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration