Greg Lopp on 27 Jul 2006 15:09:42 -0000



[PLUG] Apache problem


Here at work, I've been provided with an install of RedHat Enterprise Linux v4. I would like to get user directories working, but it is failing for some reason. When I try to get http://127.0.0.1/~greg/, it gives me a 403 page that says:
#######################
Forbidden
You don't have permission to access /~greg/ on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
------------------------------------------------------------------------
Apache/2.0.52 (Red Hat) Server at 127.0.0.1 Port 80
########################


Sounds like a simple configuration problem, right? Well, my /etc/httpd/httpd.conf says:
########################
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable


#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html/>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
########################
I don't know my Apache directives all that well, so I could be missing something there. All I've done is make that small change to enable UserDir. Everything else is the default config.


What about file permissions? This is the thing that has me confused. I set strace on one of the httpd processes and watched it process the request:
########################
accept(3, {sa_family=AF_INET6, sin6_port=htons(33156), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 12
semop(294919, 0x142746, 1) = 0
getsockname(12, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
fcntl64(12, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(12, "GET /~greg/ HTTP/1.1\r\nHost: 127."..., 8000) = 425
gettimeofday({1154012279, 325121}, NULL) = 0
open("/etc/passwd", O_RDONLY) = 13
fcntl64(13, F_GETFD) = 0
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0644, st_size=1955, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(13, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1955
close(13) = 0
munmap(0xb7fff000, 4096) = 0
stat64("/home/greg/public_html/", 0xbff34564) = -1 EACCES (Permission denied)
lstat64("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/greg", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/greg/public_html", 0xbff34544) = -1 EACCES (Permission denied)
gettimeofday({1154012279, 355964}, NULL) = 0
write(7, "[Thu Jul 27 09:57:59 2006] [erro"..., 102) = 102
writev(12, [{"HTTP/1.1 403 Forbidden\r\nDate: Th"..., 181}, {"<!DOCTYPE HTML PUBLIC \"-//IETF//"..., 403}], 2) = 584
write(9, "127.0.0.1 - - [27/Jul/2006:09:57"..., 163) = 163
shutdown(12, 1 /* send */) = 0
########################
As seen above and confirmed elsewhere, /home has 755 permissions and /home/greg has 755 permissions. Apache chokes, however, when it tries to lstat64() /home/greg/public_html, but that directory also has 755.


The strace suggests that this is a simple file permissions problem, but I don't understand why it would get that EACCES failure. What am I missing?

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
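
Added example, not part of the original post: stat() and lstat() return EACCES when search (execute) permission is denied on a directory in the path prefix, so the directory to examine is the parent of the path that failed. The sketch below parses the path-resolution lines of the trace above and reports whether the parent's mode bits account for the denial; the function names and verdict strings are hypothetical, and the check assumes the httpd worker falls in the "other" permission class for these directories.

```python
import posixpath
import re

# Constructed sample: the path-resolution lines copied from the strace in the post.
TRACE = '''\
stat64("/home/greg/public_html/", 0xbff34564) = -1 EACCES (Permission denied)
lstat64("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/greg", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/greg/public_html", 0xbff34544) = -1 EACCES (Permission denied)
'''

CALL = re.compile(r'^l?stat64\("([^"]+)", (.*)\) = (-?\d+)(?: (\w+))?')
MODE = re.compile(r'st_mode=S_IF\w+\|(0[0-7]+)')


def parse(trace):
    """Return ({path: mode} for successful calls, [paths denied with EACCES])."""
    modes, denied = {}, []
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        path, args, ret, errno = m.groups()
        path = posixpath.normpath(path)  # drop the trailing slash httpd passes first
        if ret == "0":
            mm = MODE.search(args)
            if mm:
                modes[path] = int(mm.group(1), 8)
        elif errno == "EACCES" and path not in denied:
            denied.append(path)
    return modes, denied


def explain(trace):
    """For each denied path, say whether the parent's mode bits explain the denial."""
    modes, denied = parse(trace)
    findings = []
    for path in denied:
        parent = posixpath.dirname(path)
        mode = modes.get(parent)
        # Assumption: the caller is in the "other" class, so only o+x is tested.
        if mode is None:
            verdict = "parent mode not in trace"
        elif mode & 0o001:
            verdict = "mode bits allow search; denial comes from another layer"
        else:
            verdict = "parent lacks o+x; mode bits explain the denial"
        findings.append((path, parent, mode, verdict))
    return findings
```

For the trace in the post, `explain(TRACE)` reports that `/home/greg` is 0755 and therefore searchable by any user, which means the mode bits alone do not produce this EACCES and another access-control layer on the system (such as an ACL or a mandatory access control policy) is the place to look next.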