403 Forbidden

Mr tim esquire · #1 7th October 2009, 12:23 PM

I'm trying to setup drupal:

Code:

[tim@computim httpd]$ cd /var/www/html/
[tim@computim html]$ ls -l
total 0
lrwxrwxrwx. 1 root root 18 2009-10-07 11:50 drupal -> /usr/share/drupal/

when i head to http://localhost/drupal
i get:

Forbidden
You don't have permission to access /drupal on this server.

I think under ubuntu the html folder is owned by a www user maybe there is a similar user under fedora?

mndar · #2 7th October 2009, 12:37 PM

What are the permissions of /usr/share/drupal/ ?

dhimes · #3 7th October 2009, 12:41 PM

Take the following with a grain of salt, as I'm no expert.

I set up a web server so that it served from my dir: dhimes/public_html
dhimes set to chmod 711
public_html set to 755

here's what stumped me: I recently restored the directories and sub-directories under public_html, and had to set their permissions by hand (I set them to 755). When I first created them I didn't need to do that, but copying them from a backup (I upgraded to f11 with a fresh install) I had to set them.

Mr tim esquire · #4 7th October 2009, 12:48 PM

Code:

[root@computim share]# ls -l /usr/share | grep drupal
drwxr-xr-x.    8 root root   4096 2009-10-06 23:49 drupal

which looks ok to me

dhimes · #5 7th October 2009, 01:15 PM

That directory is fine, but it's the others that are giving you a problem.

dhimes · #6 7th October 2009, 01:24 PM

If you are way ahead of my, I'll say this in case it means something to you. The User is apache and the Group is apache

Also, if Drupal is index.php rather than index.html, you may have to set that up in the /etc/httpd/conf/httpd.conf file (search DirectoryIndex in that file)

That file also explains directories and permissions (search DocumentRoot and UserDir)

HTH

pete_1967 · #7 7th October 2009, 01:50 PM

First make sure you allow Apache to follow symlinks in the httpd.conf since that's what you're trying to use.

Mr tim esquire · #8 7th October 2009, 02:44 PM

have symlinks set to includes for /var/www/html i think:

Code:

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
    Options Includes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride All

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

Ive seen it suggested that you just change the apache user and group to your day-to-day user in the httpd.conf file.

How can I grant the apache group permissions to a directory? chown?

Mr tim esquire · #9 7th October 2009, 02:46 PM

Code:

[root@computim ~]# tail /var/log/httpd/error_log | grep drupal
[Wed Oct 07 12:55:17 2009] [error] [client ::1] client denied by server configuration: /usr/share/drupal

according to Apache docs
This message is generally caused because either

* The underlying file system permissions do not allow the User/Group under which Apache is running to access the necessary files; or
* The Apache configuration has some access restrictions in place which forbid access to the files.

Mr tim esquire · #10 7th October 2009, 03:09 PM

Funny thing is my symlink to phpMyAdmin works fine. phpMyAdmin is also in /usr/share and seems to have all the same permissions set for its files and folders as the problematic drupal folder. Checked the .htaccess and it looks fine - must be some drupal specific thing

pete_1967 · #11 7th October 2009, 04:03 PM

Code:

ls -lZ /usr/share/drupal

And paste back the result (for comparison, you can run same on phpMyAdmin dir.

Mr tim esquire · #12 7th October 2009, 06:20 PM

Whats this? you taking me to SELinux places?

Code:

[root@computim share]# ls -lZ /usr/share/drupal
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 COPYRIGHT.txt
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 cron.php
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 includes
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 install.php
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 misc
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 modules
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 profiles
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 robots.txt
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 scripts
lrwxrwxrwx. root root system_u:object_r:httpd_sys_content_t:s0 sites -> ../../../etc/drupal
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 themes
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 update.php
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 xmlrpc.php

Mr tim esquire · #13 7th October 2009, 06:24 PM

phpMyAdmin has different security group

Code:

[root@computim share]# ls -lZ /usr/share/phpMyAdmin/
-rw-r--r--. root root system_u:object_r:usr_t:s0       browse_foreigners.php
...

Mr tim esquire · #14 7th October 2009, 08:00 PM

Thanks to zcat on #fedora i used

Code:

rpm -qd drupal|grep fedora

to find drupal install docs

which instructed me to edit /etc/httpd/conf.d/drupal.conf and uncomment the appropriate line:

Code:

#Uncomment the following line for setup
#Allow from 127.0.0.1

then

Code:

[tim@computim conf.d]$ sudo service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for computim
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

Hope someone finds this and it saves them a wasted day!

CiaW · #15 9th October 2009, 02:00 AM

In case this helps; using my desktop login for my root alias (under F7 and CentOS -- haven't installed Drupal or server stuff on F11 yet...) I created a group which included my regular (non-root) user, my server (lighttpd) and my root alias; then recursively gave the group create and delete permission to the lighttpd / docroot folder -- which in my case is under /var/www. Then I just used chmod to fix some of the permissions on lower level folders as needed.

I was also having permission issues; and didn't want to have to do everything logged in as root; that solved the issues.