Apache 403 errors

Shockey

2[H]4U
Joined
Nov 24, 2008
Messages
2,204
Hello,

I'm trying to set up an Apache server to use a virtual host. I have successfully gotten Apache not to error, but as for serving up the files, I receive a 403 when trying to access it with Firefox.



The error log reports this:
Code:
cat ./public_html/domainname.info/log/error.log
[Tue Jun 01 16:42:09 2010] [error] [client 192.168.1.64] (13)Permission denied: access to / denied
[Tue Jun 01 16:42:19 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /domainname.info denied
[Tue Jun 01 16:55:43 2010] [error] [client 192.168.1.64] (13)Permission denied: access to / denied
[Tue Jun 08 13:02:37 2010] [error] [client 192.168.1.64] (13)Permission denied: access to / denied
[Tue Jun 08 13:02:37 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /favicon.ico denied
[Tue Jun 08 13:02:37 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /favicon.ico denied
[Tue Jun 08 13:02:40 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /favicon.ico denied
[Tue Jun 08 13:03:35 2010] [error] [client 192.168.1.64] (13)Permission denied: access to / denied
[Tue Jun 08 13:04:18 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied
[Tue Jun 08 13:10:41 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied
[Tue Jun 08 13:13:24 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied
[Tue Jun 08 13:13:26 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied
[Tue Jun 08 13:15:12 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied
[Tue Jun 08 13:40:14 2010] [error] [client 192.168.1.64] (13)Permission denied: access to /index.html denied


Here are the permissions set on this file:
Code:
 ls -l ./public_html/websiteurl.info/public/index.html
-rwxr-xr-x 1 Jeremy Jeremy 123 Jun  1 16:10 ./public_html/websiteurl.info/public/index.html

I receive a 403 whenever I try to access the server by ip/index.html

My virtual host part of httpd.conf looks like this

Code:
<VirtualHost *:80>

  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin shockey@domainname.info
  ServerName domainname.info
  ServerAlias www.domainname.info


  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /home/Jeremy/public_html/domainname.info/public


  # Custom log file locations
  LogLevel warn
  ErrorLog  /home/Jeremy/public_html/domainname.info/log/error.log
  CustomLog /home/Jeremy/public_html/domainname.info/log/access.log combined

</VirtualHost>


What am I missing/doing incorrectly here? :confused:


Any help would be appreciated.

Thank You, Shockey
 

Digital Cro-Magnon

Limp Gawd
Joined
Jan 10, 2007
Messages
194
Try adding this in your <VirtualHost> section

Code:
<Directory "/home/Jeremy/public_html/domainname.info/public">
    allow from all
    Options -Indexes
</Directory>
 

Shockey

Thank you for the reply and help. I entered what you posted into my virtual host section. It still shows the 403 forbidden. (entered it right before the custom log section)


Does it matter how I access the server? IP vs domain name?
 

keenan

2[H]4U
Joined
Aug 5, 2009
Messages
2,695
What are the permissions of the rest of the directories in the hierarchy? Probably your home directory is not executable by the web user.
 

Shockey

Code:
[Jeremy@webserv ~]$ ls -l /home/Jeremy
total 8
drwxr-xr-x 3 Jeremy Jeremy 4096 Jun  1 16:08 public_html
[Jeremy@webserv ~]$ ls -l /home/Jeremy/public_html
total 8
drwxrwxr-x 7 Jeremy Jeremy 4096 Jun  1 16:08 weburl.info
[Jeremy@webserv ~]$ ls -l /home
total 8
drwx------ 4 Jeremy Jeremy 4096 Jun  1 16:06 Jeremy

From my understanding of Linux file permissions, this appears to be owned by me?

Can I have more than 1 group/user have file permissions on this folder, etc.?


Thanks for the help :)
 

keenan

> drwx------ 4 Jeremy Jeremy 4096 Jun 1 16:06 Jeremy

There's the problem. You need to chmod a+x this.

Though the way I prefer to do this is put all the web files under /var/www and just put a symlink in the user's directory, that way you don't need to give directory list permission to everyone.
 

goalong

n00b
Joined
Oct 25, 2009
Messages
46
Correct me if I'm wrong....
Right now the folder is set such that:
User Jeremy can read, write, and execute.
The group "Jeremy" (the second Jeremy) has no access thus the dashes.
The group "others" or everyone NOT in the group Jeremy or NOT the user Jeremy, i.e. Apache, has no access to the folder.

I would think that at least the group "others", the last 3 dashes in drwx------, would need Read and Execute.
So chmod a+x /home/jeremy/public_html would only give execute and not read to all users.
I think change mode all users and give them read+execute would be what Jeremy is looking for. i.e. chmod a+rx
Or chmod 755 /home/jeremy/public_html

If giving the everyone or others group is not good, you change the ownership of the directory to Jeremy and Apache. Then give others no access.
chown jeremy:apache or chown jeremy:www-data (relative to your linux) /home/jeremy/public_html
Then do a chmod 750 /home/jeremy/public_html
Now the user Jeremy can read, write and execute, the group Apache can read and execute, and the everyone or others group has no access.


See here for a discussion of chmod:
http://en.wikipedia.org/wiki/Chmod
 

MikeTrike

[H]F Junkie
Joined
Nov 16, 2005
Messages
10,185
Shouldn't the files belong to the user "apache"? Since apache is the one running the files.
 

keenan

> Shouldn't the files belong to the user "apache"? Since apache is the one running the files.

Doesn't have to own them, and Apache doesn't always run as 'apache' (the user is www-data on Debian for example). As long as Apache can read the files and execute the directories in the path and read the directory with the file it should work.

public_html and the weburl.info directory have permissions that should work, as does the index.html. As long as his obscuring of irrelevant details hasn't hidden some misconfiguration, anyway.

The problem here is the not-quite-obvious behaviour that you must have execute access to the complete path to read a file. You don't need to grant read access to the directories, so other users can't actually list the directory, but you must grant execute permission. The Jeremy homedir doesn't do that, so it doesn't work.
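
The rule described above (execute permission on every directory in the path, read permission on the file itself) can be checked mechanically. The script below is an added example, not part of any post in this thread: `first_blocked` and `build_sample_tree` are hypothetical names, the directory tree is constructed to mirror the one in the thread, and it assumes GNU `stat` and that the Apache user falls into the "other" permission class.

```shell
#!/bin/sh
# Added example: inspects only the "other" mode bits (assumes the web server
# user is neither owner nor group member); ACLs and SELinux are ignored.

# first_blocked ROOT RELPATH
# Print the first component of ROOT/RELPATH that "other" cannot use:
# directories need x (traverse), the final file needs r (read).
# Status: 0 = path clear, 1 = blocked, 2 = stat failed.
# The ( ) body is a subshell, so IFS, set -f and variables stay local.
first_blocked() (
    current=${1%/}
    rel=$2
    IFS=/
    set -f
    set -- $rel                        # split RELPATH on "/"
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        mode=$(stat -L -c '%a' "$current") || exit 2
        other=${mode#"${mode%?}"}      # last octal digit = "other" class
        if [ -d "$current" ]; then
            case $other in [1357]) ;; *) echo "$current"; exit 1 ;; esac
        else
            case $other in [4567]) ;; *) echo "$current"; exit 1 ;; esac
        fi
    done
    exit 0
)

# Constructed sample tree mirroring the thread: home directory 700, rest 755.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/Jeremy/public_html/domainname.info/public"
    echo test > "$t/home/Jeremy/public_html/domainname.info/public/index.html"
    chmod -R 755 "$t/home"
    chmod 700 "$t/home/Jeremy"
    echo "$t"
}

tree=$(build_sample_tree)
rel=home/Jeremy/public_html/domainname.info/public/index.html
echo "before chmod: blocked at '$(first_blocked "$tree" "$rel")'"
chmod a+x "$tree/home/Jeremy"          # 700 -> 711: traversable, not listable
echo "after chmod:  blocked at '$(first_blocked "$tree" "$rel")'"
rm -rf "$tree"
```

On a real server the equivalent call is `first_blocked / home/Jeremy/public_html/domainname.info/public/index.html`; `namei -l` on the same path shows the same per-component modes for checking by hand.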
 

Shockey

> Doesn't have to own them, and Apache doesn't always run as 'apache' (the user is www-data on Debian for example). As long as Apache can read the files and execute the directories in the path and read the directory with the file it should work.
>
> public_html and the weburl.info directory have permissions that should work, as does the index.html. As long as his obscuring of irrelevant details hasn't hidden some misconfiguration, anyway.
>
> The problem here is the not-quite-obvious behaviour that you must have execute access to the complete path to read a file. You don't need to grant read access to the directories, so other users can't actually list the directory, but you must grant execute permission. The Jeremy homedir doesn't do that, so it doesn't work.

Finally got time to reconfigure my Apache config file and the directory. Changed it to /var/www/weburl

It works and is showing the test page I created. Also, the symlink I created is working and pointing to /var/www/weburl/. Created a symlink in Jeremy's (my) home directory under www. :):):):D


Also, I have SSH configured to only accept keys, but in the past I've used SFTP for file transfer. Is there an FTP client that can use SSH keys?

If not, what is the recommended secure way of transferring files to my web server?


Thanks for help, Much appreciated
 

Shockey

> Filezilla also can use SSH keys. Filezilla can run on Windows, Linux, and OSX.


Alright, I have to check my settings then.

Now I just need help understanding these permissions.

I created a group called www-users and added myself to that group.

I've also configured it so my user (me) can write to /var/www/*****

I can now create files and so forth in /var/www/weburl/public (DocumentRoot).


I used this command from a guide to give the www-users group read & write permission to the directory and all subdirectories + files:

Code:
chmod -R g+rw

chmod -R g+rw /var/www
[root@webserv www]# ls -l /var/www
total 48
drwxrwxr-x 2 root www-users 4096 Apr 4 16:23 cgi-bin
drwxrwxr-x 3 root www-users 4096 Jun 1 15:30 error
drwxrwxr-x 2 root www-users 4096 Apr 4 16:23 html
drwxrwxr-x 3 root www-users 4096 Jun 1 15:30 icons
drwxrwxr-x 7 root www-users 4096 Jun 1 15:44 weburl.info


Is this correct? I only ask because everything I read shows file permissions separated by a dash between user - group - others.
This doesn't look correct to me from all the guides I read. They seem to separate the user from group with dashes. :confused: What my ls -l /var/www shows is different :p


Thanks for the help !!!!
 

Digital Cro-Magnon

I think it should be:

Code:
chown -R root:www-users /path/to/directory

The -R option states to recursively traverse the file tree /path/to/directory and set the ownership to the permissions given.

Code:
chmod -R 664 /path/to/directory

To set read and write permissions recursively. Write for owner and group and read for all others.
 

keenan

> Is this correct? I only ask because everything I read shows file permissions separated by a dash between user - group - others.
> This doesn't look correct to me from all the guides I read. They seem to separate the user from group with dashes. :confused: What my ls -l /var/www shows is different :p
>
> Thanks for the help !!!!

Looks right to me. The permissions listed in ls -l aren't separated by dashes, the dashes indicate that that permission is not set. It goes like

-rwxrwxrwx

For full permissions for everyone (the first character tells you any special attributes the file has, like 'd' for directories or 's' if the sticky bit is set, there are a few more). If you start removing permissions, those become dashes.
 

Shockey

> Looks right to me. The permissions listed in ls -l aren't separated by dashes, the dashes indicate that that permission is not set. It goes like
>
> -rwxrwxrwx
>
> For full permissions for everyone (the first character tells you any special attributes the file has, like 'd' for directories or 's' if the sticky bit is set, there are a few more). If you start removing permissions, those become dashes.

Alright, thanks for the help. I configured the Apache virtual host etc. and got it all working. Now I went to set up MySQL and I can't seem to start the daemon.

Whenever I try to execute "/etc/init.d/mysqld start" or "service mysqld start" I receive this error:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' and also service not found.


MySQL is installed but I can't seem to start the daemon.

Anyone have any advice on what to look at? Googling gives mixed results.
 