You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by heddy Boubaker <bo...@cena.dgac.fr> on 1998/08/11 17:26:27 UTC

general/2827: srv fail to read .htaccess on mounted home dirs

>Number:         2827
>Category:       general
>Synopsis:       srv fail to read .htaccess on mounted home dirs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Tue Aug 11 08:30:01 PDT 1998
>Last-Modified:
>Originator:     boubaker@cena.dgac.fr
>Organization:
apache
>Release:        1.3.0 (Unix)
>Environment:
Server Version: Apache/1.3.0 (Unix) PHP/3.0 mod_perl/1.12
Uname: SunOS geant 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-4
>Description:
Users home dirs are mounted on /home/username from machine:/export/home/username
when trying to access /~username and if <Directory /home> have no "AllowOverride None"
directive the server try to get /home/.htaccess (which is the correct behavior)
but fail for an unknown reason - in fact this is a known automounter pb/behavior -
 (from error_log: "[crit] (13)Permission denied: /home/.htaccess pcfg_openfile: 
unable to check htaccess file, ensure it is readable") so after that ALL user
stuff became unreadable. We need to allow .htaccess on ~user , is there a way 
to acheive that only w server configuration?  
>How-To-Repeat:

>Fix:
Allow AccessFileName to be specified in <Directory> so that we could do things like
<Directory /home>
	AccessFileName /dev/null
</Directory>
<DirectoryMatch "^/home/[^/]+/public_html/">
	AccessFileName	.htaccess
</DirectoryMatch>
And for security reason add a new AllowOverride directive to tell if AccessFileName
could be overriden or not.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]