You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Programmer In Training <pi...@joseph-a-nagy-jr.us> on 2010/02/13 00:03:40 UTC

[users@httpd] User Directories On FreeBSD 8.0-RELEASE

I am using the non-ports version of Apache. I downloaded 2.2.14 from
http://httpd.apache.org/download.cgi#apache22 just a little while ago. I
compiled, installed, got it running with minimal fuss. The issue is with
my user directories (e.g. $HOME/public_html ). I uncommented the line to
include the userdir conf file in the main configuration and started
apache. I get the "It Works" from 127.0.0.1 (this is purely for local
testing). When I go to 127.0.0.1/~usrname/ I get 403 Forbidden. I've
adjusted some of the settings in the userdir conf (had to adjust the
absolute path as the default is just a symlink to the real dir (FreeBSD
setup, not mine)) and I still get the same message. I returned the
userdir.conf file to it's default settings (except for the path to user
dirs) with no luck. Included below is the default setup that was
installed with Apache (I enabled the settings to install the local
manual and that pulls up just fine, nothing in it points to a solution
to this issue) for the userdir conf file.

<Directory "/munge/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>


Am I just having a case of the stupids here? It has been a few years
since I've managed Apache even for local testing.
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Programmer In Training <pi...@joseph-a-nagy-jr.us>.

On 02/13/10 14:30, Daniel Reinhardt wrote:
> 
> Change the indicated line to reflect /home/$user/
> 
> I have used FreeBSD, and there is no symlink to APache to /usr/home.  In
> fact, I do not think that /usr/home even exists unless you create it. 
> The only UNix OS I have used where /home is any other place is solaris
> and that's located in /export/home.
> 
> Thanks,
> Dan

[$USER@hostname] pwd
/usr/home/$USER

I don't know what you were doing, but this is how it was AT INSTALL. I
changed absolutely nothing from the default install of FreeBSD. Even a
close and trusted friend of mine (who has been using FreeBSD longer than
I have) says that /usr/home/* is how FreeBSD sets up user directories.

I do have a /home directory, but this is what it looks like:

[$USER@hostname] cd /home/$USER/
[$USER@hostname] ls
10000fonts/          Home.html            apu-notes
firefox-bin.core     purple.bak/          time-in-between
Desktop/             Home.ics             backups/
fromwindows/         signature-files/     wmaker.core
Downloads/           Personas/            bluefish-projects/
private-public-keys/ soffice.bin.core
GNUstep/             Temp/                documents/
public_html/         sound-themes/
[$USER@hostname] pwd
/usr/home/$USER
[$USER@hostname]

So please, don't tell me that /home isn't a symlink to /usr/home (or
that I changed anything during install).

Changed the line, graceful restart:

I'm /still/ getting 403 Forbidden

Logfile tells me:
[Sat Feb 13 14:54:06 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/janagyjr/public_html/

If asked, I will attach the httpd.conf (appropriately sanitized) with
httpd-userdir.conf and send it off-list to someone. I don't ever recall
having this much problem with Apache before.
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Daniel Reinhardt <cr...@cryptodan.net>.

--------------------------------------------------
From: "Programmer In Training" <pi...@joseph-a-nagy-jr.us>
Sent: 13 February, 2010 14:21
To: <us...@httpd.apache.org>
Subject: Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE



On 02/13/10 08:02, Eric Covener wrote:
> On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
> <pi...@joseph-a-nagy-jr.us> wrote:
>> On 02/13/10 05:16, Daniel Reinhardt wrote:
>> I still get 403 Forbidden. the public_html
>> directory in question has user and group ownership equal to the owner of
>> the login. Do I need to change that for apache (which is running as
>> daemon.daemon)?
>
> What does the error log say, and can the apache user read/execute all
> the directories from the root directory to the public_html/ ?
>

The error log says:

[Sat Feb 13 08:15:33 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/$USER/public_html/

The httpd-userdir.conf file tells it:

----------------------------------------------------------------><Directory 
"/usr/home/*/public_html">

There is nothing in httpd.conf to tell it to look in
/home/$USER/public_html/ (on FreeBSD /home/ is a symlink to /usr/home/)

Is there an option I need to set at compile time for this behavior
(which apparently is standard for FreeBSD)? Or is there another config
option I need to set first?
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

----------------------------------------------------------

Change the indicated line to reflect /home/$user/

I have used FreeBSD, and there is no symlink to APache to /usr/home.  In fact, I 
do not think that /usr/home even exists unless you create it.  The only UNix OS 
I have used where /home is any other place is solaris and that's located in 
/export/home.

Thanks,
Dan 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Programmer In Training <pi...@joseph-a-nagy-jr.us>.

On 02/13/10 08:02, Eric Covener wrote:
> On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
> <pi...@joseph-a-nagy-jr.us> wrote:
>> On 02/13/10 05:16, Daniel Reinhardt wrote:
>> I still get 403 Forbidden. the public_html
>> directory in question has user and group ownership equal to the owner of
>> the login. Do I need to change that for apache (which is running as
>> daemon.daemon)?
> 
> What does the error log say, and can the apache user read/execute all
> the directories from the root directory to the public_html/ ?
> 

The error log says:

[Sat Feb 13 08:15:33 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/$USER/public_html/

The httpd-userdir.conf file tells it:

<Directory "/usr/home/*/public_html">

There is nothing in httpd.conf to tell it to look in
/home/$USER/public_html/ (on FreeBSD /home/ is a symlink to /usr/home/)

Is there an option I need to set at compile time for this behavior
(which apparently is standard for FreeBSD)? Or is there another config
option I need to set first?
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Eric Covener <co...@gmail.com>.

On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
<pi...@joseph-a-nagy-jr.us> wrote:
> On 02/13/10 05:16, Daniel Reinhardt wrote:
> I still get 403 Forbidden. the public_html
> directory in question has user and group ownership equal to the owner of
> the login. Do I need to change that for apache (which is running as
> daemon.daemon)?

What does the error log say, and can the apache user read/execute all
the directories from the root directory to the public_html/ ?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Programmer In Training <pi...@joseph-a-nagy-jr.us>.

On 02/13/10 05:16, Daniel Reinhardt wrote:
> Here is my httpd-userdir.conf file:
<snip>
> The above works just fine.

Yeah, that is exactly the same as mine.

I went ahead and recompiled Apache, letting mod_userdir be a shared
module to be loaded, thinking that might be at issue. It wasn't and
nothing has changed. I still get 403 Forbidden. the public_html
directory in question has user and group ownership equal to the owner of
the login. Do I need to change that for apache (which is running as
daemon.daemon)?

-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Daniel Reinhardt <cr...@cryptodan.net>.

--------------------------------------------------
From: "Programmer In Training" <pi...@joseph-a-nagy-jr.us>
Sent: 12 February, 2010 23:03
To: "Apache Users" <us...@httpd.apache.org>
Subject: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

I am using the non-ports version of Apache. I downloaded 2.2.14 from
http://httpd.apache.org/download.cgi#apache22 just a little while ago. I
compiled, installed, got it running with minimal fuss. The issue is with
my user directories (e.g. $HOME/public_html ). I uncommented the line to
include the userdir conf file in the main configuration and started
apache. I get the "It Works" from 127.0.0.1 (this is purely for local
testing). When I go to 127.0.0.1/~usrname/ I get 403 Forbidden. I've
adjusted some of the settings in the userdir conf (had to adjust the
absolute path as the default is just a symlink to the real dir (FreeBSD
setup, not mine)) and I still get the same message. I returned the
userdir.conf file to it's default settings (except for the path to user
dirs) with no luck. Included below is the default setup that was
installed with Apache (I enabled the settings to install the local
manual and that pulls up just fine, nothing in it points to a solution
to this issue) for the userdir conf file.

<Directory "/munge/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

Am I just having a case of the stupids here? It has been a few years
since I've managed Apache even for local testing.
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

----------------------------------------------------------------------------------------

Here is my httpd-userdir.conf file:

# Settings for user home directories
#
# Required module: mod_userdir

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.  Note that you must also set
# the default access control for these directories, as in the example below.
#
UserDir public_html

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

~
The above works just fine.

However, I need a new router as the one I have has crappy/bugged firmware on it.

Thanks,
Daniel 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] [SOLVED]Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Programmer In Training <pi...@joseph-a-nagy-jr.us>.

On 02/19/10 09:11, Eric Covener wrote:
> On Fri, Feb 19, 2010 at 10:10 AM, Programmer In Training
> <pi...@joseph-a-nagy-jr.us> wrote:
>> Just thought I'd let you folks know that this was resolved (I took the
>> question to the FreeBSD mailing list because I believed it to be a
>> problem with the OS, turns out it was and it wasn't).
> 
> Can you share the resolution, for archive/search purposes?
> 

Yes, despite /home being a symlink to /usr/home on my system, Apache
apparently looks at "the home directory path returned from getpwent() by
default under FreeBSD that's /home/user1/  Nevermind that much of the
time /home is a symlink to /usr/home -- it's the path returned from the
passwd file that apache uses for comparison, long before trying to
resolve any symlinks and open anything on the hard-drive." (quoted from
the user on the FreeBSD list who explained this to me).

Also, making sure SymLinksIfOwnerMatch and FollowSymLinks is in your
conf files in the appropriate places probably won't hurt.

So based on the above I set
<Directory "/usr/home/*/public_html">

Back to
<Directory "/home/*/public_html">

My confusion in solving this problem was with regard to where Apache
first looks for the directory path. Had I known the above I would have
never set it to /usr/home/*/public_html

Thank you all for your help. It was much appreciated.
-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

Re: [users@httpd] [SOLVED]Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Eric Covener <co...@gmail.com>.

On Fri, Feb 19, 2010 at 10:10 AM, Programmer In Training
<pi...@joseph-a-nagy-jr.us> wrote:
> Just thought I'd let you folks know that this was resolved (I took the
> question to the FreeBSD mailing list because I believed it to be a
> problem with the OS, turns out it was and it wasn't).

Can you share the resolution, for archive/search purposes?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] [SOLVED]Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

Posted by Programmer In Training <pi...@joseph-a-nagy-jr.us>.

Just thought I'd let you folks know that this was resolved (I took the
question to the FreeBSD mailing list because I believed it to be a
problem with the OS, turns out it was and it wasn't).

-- 
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.