You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Chris Carlson <cc...@istor.com> on 2007/05/24 18:55:38 UTC

[users@httpd] UserDir question

I realize this may be a newbie question answered many times, but I hope
it is simple and someone can give me a quick answer.

We are running Apache 2.0 at our office on a Linux 2.6 system.  I tried
to enable UserDir by modifying the httpd.conf file.  I followed the
instructions found in the file by changing the UserDir entry to
"public_html" in the IfModule mod_userdir.c section.  Then I uncommented
the example Directory section just below it (which enables
/home/*/public_html access).

We haven't yet set up a "default" web page for the server under
/var/www/html, but I don't see why that should be a problem (I could be
wrong).

After shutting down Apache and restarting it, we still get a:

-----------
Forbidden

You don't have permission to access /~jmclaughlin on this server.

Additionally, a 403 Forbidden error was encountered while trying to use
an ErrorDocument to handle the request.
Apache/2.0.52 (Red Hat) Server at swmpu Port 80
------------

I have verified that the apache user can read all the files in
~jmclaughlin/public_html, so that isn't a problem.  What other reason
could there be?


Chris Carlson
iStor Networks, Inc.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] UserDir question

Posted by Chris Carlson <cc...@istor.com>.

Wow!  That was it!  I didn't even know we were running SELinux!

Thank you very much for your assistance.  I really appreciate it.

Chris Carlson
iStor Networks, Inc.


> -----Original Message-----
> From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua
Slive
> Sent: Thursday, May 24, 2007 10:42 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] UserDir question
> 
> On 5/24/07, Chris Carlson <cc...@istor.com> wrote:
> > I don't think so.  Here's the uname:
> >
> > Linux swmpu 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686
i686
> > i386 GNU/Linux
> 
> SELinux is not a distribution of linux. It is a set of kernel patches
> and related libraries that introduce finer-grained security controls.
> 
> See, for example:
> http://docs.fedoraproject.org/selinux-apache-fc3/
> 
> As discussed here:
> http://wiki.apache.org/httpd/Errors/13PermissionDenied
> the error you see in the error log can occur only when the OS denies
> file-system permissions to access the relevant content. Since your
> regular (chmod) permissions are correct, then next place to look is
> SELinux.
> 
> As the wiki mentions "setenforce 0" is one way to test if SELinux is
> causing the problem.
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] UserDir question

Posted by Joshua Slive <jo...@slive.ca>.

On 5/24/07, Chris Carlson <cc...@istor.com> wrote:
> I don't think so.  Here's the uname:
>
> Linux swmpu 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686
> i386 GNU/Linux

SELinux is not a distribution of linux. It is a set of kernel patches
and related libraries that introduce finer-grained security controls.

See, for example:
http://docs.fedoraproject.org/selinux-apache-fc3/

As discussed here:
http://wiki.apache.org/httpd/Errors/13PermissionDenied
the error you see in the error log can occur only when the OS denies
file-system permissions to access the relevant content. Since your
regular (chmod) permissions are correct, then next place to look is
SELinux.

As the wiki mentions "setenforce 0" is one way to test if SELinux is
causing the problem.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] UserDir question

Posted by Chris Carlson <cc...@istor.com>.

I don't think so.  Here's the uname:

Linux swmpu 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686
i386 GNU/Linux



Chris Carlson
iStor Networks, Inc.


> -----Original Message-----
> From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua
Slive
> Sent: Thursday, May 24, 2007 10:15 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] UserDir question
> 
> On 5/24/07, Chris Carlson <cc...@istor.com> wrote:
> > Thank you for your quick response.
> >
> > The error log says:
> >
> > [Thu May 24 10:06:07 2007] [error] [client 192.168.50.151]
> > (13)Permission denied: access to /~jmclaughlin denied
> >
> > Yet the permissions on /home are:                       rwxr-xr-x
> > and the permissions on /home/jmclaughlin are:   rwxr-xr-x
> > and /home/jmclaughlin/public_html:                      rwxr-xr-x
> > and /home/jmclaughlin/public_html/index.html:   rwxr--r--
> 
> Are you using SELinux?
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] UserDir question

Posted by Joshua Slive <jo...@slive.ca>.

On 5/24/07, Chris Carlson <cc...@istor.com> wrote:
> Thank you for your quick response.
>
> The error log says:
>
> [Thu May 24 10:06:07 2007] [error] [client 192.168.50.151]
> (13)Permission denied: access to /~jmclaughlin denied
>
> Yet the permissions on /home are:                       rwxr-xr-x
> and the permissions on /home/jmclaughlin are:   rwxr-xr-x
> and /home/jmclaughlin/public_html:                      rwxr-xr-x
> and /home/jmclaughlin/public_html/index.html:   rwxr--r--

Are you using SELinux?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] UserDir question

Posted by Chris Carlson <cc...@istor.com>.

Thank you for your quick response.

The error log says:

[Thu May 24 10:06:07 2007] [error] [client 192.168.50.151]
(13)Permission denied: access to /~jmclaughlin denied

Yet the permissions on /home are:			rwxr-xr-x
and the permissions on /home/jmclaughlin are:	rwxr-xr-x
and /home/jmclaughlin/public_html:			rwxr-xr-x
and /home/jmclaughlin/public_html/index.html:	rwxr--r--


Thanks again.

Chris Carlson
iStor Networks, Inc.


> -----Original Message-----
> From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua
Slive
> Sent: Thursday, May 24, 2007 10:00 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] UserDir question
> 
> On 5/24/07, Chris Carlson <cc...@istor.com> wrote:
> 
> > -----------
> > Forbidden
> >
> > You don't have permission to access /~jmclaughlin on this server.
> >
> > Additionally, a 403 Forbidden error was encountered while trying to
use
> > an ErrorDocument to handle the request.
> > Apache/2.0.52 (Red Hat) Server at swmpu Port 80
> > ------------
> >
> > I have verified that the apache user can read all the files in
> > ~jmclaughlin/public_html, so that isn't a problem.  What other
reason
> > could there be?
> 
> What does the error_log say?
> 
> Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] UserDir question

Posted by Joshua Slive <jo...@slive.ca>.

On 5/24/07, Chris Carlson <cc...@istor.com> wrote:

> -----------
> Forbidden
>
> You don't have permission to access /~jmclaughlin on this server.
>
> Additionally, a 403 Forbidden error was encountered while trying to use
> an ErrorDocument to handle the request.
> Apache/2.0.52 (Red Hat) Server at swmpu Port 80
> ------------
>
> I have verified that the apache user can read all the files in
> ~jmclaughlin/public_html, so that isn't a problem.  What other reason
> could there be?

What does the error_log say?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org