apache "You don't have permission to access"

[dorispan]

Hi, I want to use a folder other than /var/www/xxx to as a directory in apache.
But I met an error "You don't have permission to access"

My configuration in /etc/httpd/conf.d

Code:

Alias /doris/ "/home/doris/Web/"
<Directory "/home/doris/Web">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

When a type http://127.0.0.1/doris/ in my web browser, I get:

Code:

You don't have permission to access /doris/ on this server.

At first I got SElinux setting promote from fedora, and I set what it required to set as:

Code:

sudo setsebool -P httpd_enable_homedirs 1
sudo setsebool -P httpd_read_user_content 1

Then the SElinus promotion stops, but I still get the same error.

Then I tried to use chmod, but I still get this error even if I chomd 777 ~/Web/ -R

What else could I do if I want to write html in my own folder instead of the sys folder?

[glennzo]

A couple thoughts. I may be way off but nothing to lose.
* Turn off SELinux temporarily and see if you can access the server.
* Would it be an ownership problem? Owner is root instead of doris?

[urzasrage]

Apache process will need read and execute permission on /home/doris/ in order for your setup to work.

mod_userdir might be want you are looking for and a better alternative.
http://httpd.apache.org/docs/2.0/mod/mod_userdir.html

[lightman47]

try (as su):
chmod -R 755 /home/doris/Web


Found in the httpd.conf file comments.

[vefoda]

I created a Directory in my home directory as Web the path to that directory is
/home/<Usr Name>/Web

and issued the command "chmod -R 755 /home/<Usr Name>/Web" as root I think the command got executed without any errors and the root prompt was returned.

I modified the ServerRoot "/etc/httpd" to the above Directory path which is /home/<User Name/Web by editing httpd.conf and saving it.Then I stopped httpd and tried to start But it is not starting and the error is as follows

Quote:

Starting httpd: httpd: Syntax error on line 57 of /etc/httpd/conf/httpd.conf: ServerRoot must be a valid directory

What is the path that I can take to specify A ServerRoot of My Choosing?

[lightman47]

OK - it looks like you're trying to create "pages" for your users. This explains a ton.
Restore the ServerRoot line (where the Apache program settings are) back to what it was. In my case, is: ServerRoot "/etc/httpd" . I suspect yours is the same.

The find the line: #UserDir public_html and un-comment it (remove the pound sign)\

Exit - saving your conf file.

In each User home directory, now create the directory "public_html" (case IS important in Linux)
- this is where Users will place their content, and outsiders will go to see it -

Is this what you were trying to do? If so, you aren't as far as you think from pulling this off! Yell.

[vefoda]

What I want to Do is learn PHP programming on my machine using Apache and MySQL.The Default Home Directory or DocumentRoot as you may well know is "/var/www/html", But the problem is I am not able to save any .php file in html Directory unless ownership of the html directory is passed to User(to me) using chown.Since this is a system setting I do not want to change this security restriction so I want to find an alternative path to save .php files and access them through httpd as localhost to be displayed by Firefox

Pls Note:- I mixed up the two ServerRoot and the DocumentRoot terms

[lightman47]

A concept issue, I am thinking. Apache is a (your) Web page server to the outside world. That's all Apache does - serve Web pages to folk who go to your local Web site. MySQL is a database/database QUERY tool. It manages DATA and access to it.

Now - for posting things to /var/www/html (on my pretty-default system) you need to be 'root'

??

[jpollard]

This is addressed in the HTTP configuration file.

1. enable the UserDir entry: "UserDir enable"

2. uncommment the next UserDIR line (and/or modify it for your choice): "UserDir public_html

3.Set the SELinux boolean control "httpd_enable_homedirs" to "on" to allow apache to access the users "public_html" (or whatever you called it).

3a. restart apache

4. Let the user create their "public_html" directory in their home directory, then use "chcon -t httpd_user_content_t public_html" to set the security label.

5. Let the user set permission bits (chmod +rx public_html) on the directory.

This will grant READ ONLY access to files (and php scripts).

The URL for access is "//<host>/~<username>/".

[vefoda]

Yse You are correct But I don;t want to login as root every time I have to save a .php file for testing so I want to specify another DocumentRoot Under my Home Directory where I have the privilege to save and edit files without the trouble of having to login as root every time I have to save .php file and view it through Firefox using Apache to serve the page.But when I specify a directory under my Home directory SELinux stops httpd from accessing it.What I want to know is how to give the privilege to httpd to access the Directory I have created under my home home Directory to used as DocumentRoot.Part of the message I got from SELinux is

Quote:

SELinux is preventing /usr/sbin/httpd from search access on the directory /home/<Host Name>.

***** Plugin catchall_boolean (47.5 confidence) suggests *******************

If you want to allow httpd to read user content
Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.
Do
setsebool -P httpd_read_user_content 1

***** Plugin catchall_boolean (47.5 confidence) suggests *******************

If you want to allow httpd to read home directories
Then you must tell SELinux about this by enabling the 'httpd_enable_homedirs' boolean.
Do
setsebool -P httpd_enable_homedirs 1

If I execute the command "setsebool -P httpd_read_user_content 1" "setsebool -P httpd_enable_homedirs 1"
Does this grant the privilege to httpd to access the contents of every User.?

I want to know How to grant httpd the permission only to access contents of a particular User?

I mentioned about MySQL only to give you an idea of what I am trying to do

[jpollard]

Quote:

Originally Posted by vefoda

If I execute the command "setsebool -P httpd_read_user_content 1" "setsebool -P httpd_enable_homedirs 1"
Does this grant the privilege to httpd to access the contents of every User.?

No. Only to the directory public_html, and only when that directory is labeled with the type "httpd_read_user_content".

Quote:

I want to know How to grant httpd the permission only to access contents of a particular User?

No problem. The http configuration file directive "UserDir enable" accepts a list (comma separated) of users that are allowed.

Quote:

I mentioned about MySQL only to give you an idea of what I am trying to do

That shouldn't be a problem. Any php file that connects to the database must have the password for that connection. NOTE: the process making that connection is the apache account, not the user.

[vefoda]

Below is the UserDir part of my httpd.conf file

Quote:

<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir enable vefoda

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html

</IfModule>

The DocumentRoot Settings

Quote:

DocumentRoot "/home/vefoda/public_html"

<Directory "/home/vefoda/public_html">

I then logged in as root and executed the commands
1 setsebool -P httpd_read_user_content 1
2 setsebool -P httpd_enable_homedirs 1

3 Created the Directory public_html in the home Directory
/home/vefoda/public_html
4 Executed the command at root
chmod +rx /home/vefoda/public_html

5 Stopped httpd and started(Started and Message displayed Ok in Green)

But the problem is I am not able to access the public_html by using localhost/vefoda the result is a 403 Forbidden Page

Quote:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.17 (Fedora) Server at 127.0.0.1 Port 80

What is that I should do to access the public_html folder contents through a Web Browser?

[jpollard]

Your document root definition is bad.

Normally, the document root belongs to Apache. The default configuration file has:

Code:

DocumentRoot   "/var/www/html"

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

Your indicated URL is "localhost/vefoda", which very likely doesn't exist.
I suspect the "AllowOverride None" is blocking root access, but I'm not sure as there appears be possible confusion over the path..

With the normal configuration file, you would access the public_html
directory with the URL "http://localhost/~vefoda".

[dorispan]

Dear all,

I tried to turn off selinux and I tried to set the UserDir option, but it still do not work.

Neither http://127.0.0.1/user/ nor http://127.0.0.1/~user/ could be accessed.

What else configurations could I set?

[jpollard]

try setting world read access to the files and search (x) on the directories.

don't forget to set it also on your home directory.