| View previous topic :: View next topic |
| Author |
Message |
mxc
Guru
Joined: 05 Mar 2003
Posts: 442
Location: South Africa
|
 Posted: Sun Sep 12, 2004 7:21 am Post subject: Apache Access forbidden if directory not under DocumentRoot |
 |
|
Hi all,
I am tearing my hair out over here trying to get Apache2 to allow access to directories not under DocumentRoot
I will post the whole config files if people think it is necessary but for now I will keep it short.
Below are the relevant section, I think:
From apcahe2.conf
| Quote: | Alias /eclipse "/home/mark/workspace"
<Directory "/home/mark/workspace">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
|
From apachecommon.conf
| Quote: | <Directory />
Options -All -Multiviews
AllowOverride None
<IfModule mod_access.c>
Order allow,deny
#Allow from all
Allow from 192.168.10.0/255.255.255.0 127.0.0.1
Deny from all
</IfModule>
</Directory>
|
I can access any site under the DocumentRoot /var/www/localhost/htdocs fine. The error message I get is
| Quote: | Forbidden
You don't have permission to access /eclipse/Test/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.50 (Gentoo/Linux) mod_ssl/2.0.50 OpenSSL/0.9.7d PHP/5.0.1 Server at gilbert.abc.org Port 80 |
The /home/mark/workspace has the following permissions. I even changed the Test directory's group to apache.
| Quote: | drwxr-xr-x 14 mark users 4096 Sep 12 06:18 .
drwx------ 82 mark users 24576 Sep 12 08:41 ..
drwxr-xr-x 4 mark users 4096 Aug 6 09:29 .metadata
drwxr-xr-x 5 mark users 4096 Aug 23 16:14 HTTPTest
drwxr-xr-x 2 mark apache 4096 Sep 12 06:18 Test
drwxr-xr-x 2 mark users 4096 Sep 9 10:28 WebAppMonitor
|
Within the Test directory.
| Quote: |
drwxr-xr-x 2 mark apache 4096 Sep 12 06:18 .
drwxr-xr-x 14 mark users 4096 Sep 12 06:18 ..
-rw-r--r-- 1 mark apache 376 Sep 12 06:18 .project
-rw-r--r-- 1 mark apache 89 Sep 12 07:03 index.php
-rw-r--r-- 1 mark apache 57 Sep 12 08:37 project.index
|
I am at my wits end. Surely Apache should not be this hard to confiure? I have stopped and restarted apache. |
|
| Back to top |
|
 |
Diorf
n00b
Joined: 05 Jun 2003
Posts: 52
Location: Paris
|
| Posted: Sun Sep 12, 2004 11:49 am Post subject: |
|
|
| Quote: | ls -l /home/mark/workspace
drwx------ 82 mark users 24576 Sep 12 08:41 .. |
I think this line shows the problem... Apache is running under the user/group apache/apache (verify it in the configuration file) and so cannot read the content of the directory /home/mark/workspace.
In order to share files with Apache you have to make sure that :
a directory block exists in the configuration file
Apache can read the data on the filesystem
Because the filesystem is always the last thing to allow or deny access to a particular ressource. So be sure that Apache can read the data with its username and groupname.
Diorf |
|
| Back to top |
|
|
Ian
l33t
Joined: 28 Oct 2002
Posts: 834
Location: Somerville, MA
|
| Posted: Sun Sep 12, 2004 2:43 pm Post subject: |
|
|
I'm having a similar problem, where I installed Gallery through Portage, and I'm now unable to run Gallery, because I get a
Forbidden
You don't have permission to access /gallery/setup/index.php on this server.
whenever I try to run the configuration.
It seems whenever you call a file by name, it will not let you view it, which makes Apache2 useless, because I can't actually let anyone see any files on the webserver, at all. |
|
| Back to top |
|
|
mxc
Guru
Joined: 05 Mar 2003
Posts: 442
Location: South Africa
|
| Posted: Thu Sep 16, 2004 7:05 am Post subject: |
|
|
| Diorf wrote: | | Quote: | ls -l /home/mark/workspace
drwx------ 82 mark users 24576 Sep 12 08:41 .. |
In order to share files with Apache you have to make sure that :
a directory block exists in the configuration file
Apache can read the data on the filesystem
Diorf |
Hi Diorf,
thanks for the advice. I did a chgrp apache workspace but still I get the access forbidden error.  I have restated apache too. I tried to su to apache to test the permissions issue but since the account has a start app of /bin/false this didn't work. |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Thu Sep 16, 2004 7:20 am Post subject: |
|
|
| your /home/mark directory is probably not executable by apache. This needs to also be the case so that apache can traverse the directory. |
|
| Back to top |
|
|
stdPikachu
Apprentice
Joined: 10 Mar 2004
Posts: 254
Location: UK
|
| Posted: Thu Sep 16, 2004 7:09 pm Post subject: |
|
|
I've been seeing this exact same problem with apache2 ever since MythWeb got upgraded (along with introducing that webapp-config thing), which has resulted in everything apache serves as ersulting in a 403 error. Everything in /var/www has been chmodded/owned 777 apache:apache, yet the error still persists...
I'm not even using any vhost configuration at all, which makes the whole thing alot more perplexing. Apache is essentially rendered useless, an dif I can't get it sorted soon I'm probably going to have to scrap it.
Still looking for a solution to this problem... |
|
| Back to top |
|
|
Googolplex
n00b
Joined: 29 May 2003
Posts: 38
|
| Posted: Thu Sep 16, 2004 7:16 pm Post subject: |
|
|
This is not a simple permission thing I don't think.
I also find Apache 2 refuses to display anything except for stuff directly in the document root.
This is driving me insane! 
[EDIT] Oh, and to top it off, when I installed Apache 2 in Windows XP, it displayed everything fine right away. 
[EDIT2] Turns out that the executable bit WAS the cause for some of my trouble. I can now access other folders under the document root, but I still cannot access anything in the public_html folder in my home folder. |
|
| Back to top |
|
|
mc_barron
Apprentice
Joined: 28 Aug 2003
Posts: 230
Location: Chicago, IL
|
| Posted: Fri Oct 15, 2004 3:29 pm Post subject: |
|
|
| mxc wrote: | | Diorf wrote: | | Quote: | ls -l /home/mark/workspace
drwx------ 82 mark users 24576 Sep 12 08:41 .. |
In order to share files with Apache you have to make sure that :
a directory block exists in the configuration file
Apache can read the data on the filesystem
Diorf |
Hi Diorf,
thanks for the advice. I did a chgrp apache workspace but still I get the access forbidden error. I have restated apache too. I tried to su to apache to test the permissions issue but since the account has a start app of /bin/false this didn't work. |
You still won't have access. Here's what the file permissions are:
drwx------
which allows the user to Read/Write/Execute this file. The group members still have NO access to this file. So even though apache is now in the same group as the file, you aren't giving group members read access.
Try this on the directory where all you files are:
| Code: | | chmod g+rx [directory name] |
and try this on all your files that you want accessible in that directory (after changing their groups to apache as well)
| Code: | | chmod g+r [file names] |
|
|
| Back to top |
|
|
|
Networking & Security
