| View previous topic :: View next topic |
| Author |
Message |
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
 Posted: Tue May 31, 2005 7:23 pm Post subject: access home dir by http |
 |
|
Hi there!
I installed apache today and figured I wanted my home directory as the document root so I changed the .conf file.
(Because my home folder is also the home folder of my "ftp-uploader-account" and I want to be able to view the files I upload via ftp in a ordinary browser without having to use ftp:// and give everyone my password. Kinda.. ^^)
However I'm not allowed to access it..
So I guess my question would be: How do I change the permission of my home folder ^^
_________________
---
Mighty |
|
| Back to top |
|
 |
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Tue May 31, 2005 8:11 pm Post subject: Re: access home dir by http |
|
|
| Mighty3k wrote: | Hi there!
I installed apache today and figured I wanted my home directory as the document root so I changed the .conf file.
(Because my home folder is also the home folder of my "ftp-uploader-account" and I want to be able to view the files I upload via ftp in a ordinary browser without having to use ftp:// and give everyone my password. Kinda.. ^^)
However I'm not allowed to access it..
So I guess my question would be: How do I change the permission of my home folder ^^ |
When you say you are not allowed to access it, what does that mean?
There is a user called apache who needs read permission to your home directory in order to share it to the web.
By default your home directory should be read accessable by everyone. If apache can't read it, there's a reason for it. Its probably something to do with the way you configured apache with /etc/apache2/httpd.conf.
Please post your httpd.conf file (relevent sections only) and we'll see what we can figure out.
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Tue May 31, 2005 8:24 pm Post subject: Re: access home dir by http |
|
|
| RayDude wrote: |
When you say you are not allowed to access it, what does that mean?
There is a user called apache who needs read permission to your home directory in order to share it to the web.
By default your home directory should be read accessable by everyone. If apache can't read it, there's a reason for it. Its probably something to do with the way you configured apache with /etc/apache2/httpd.conf.
Please post your httpd.conf file (relevent sections only) and we'll see what we can figure out.
Raydude |
I get a http 403 error.
And the only thing I changed in the httpd.conf file was the DocumentRoot found at the top.. The rest is "by default"..
_________________
---
Mighty |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Tue May 31, 2005 8:44 pm Post subject: Re: access home dir by http |
|
|
| Mighty3k wrote: | | RayDude wrote: |
When you say you are not allowed to access it, what does that mean?
There is a user called apache who needs read permission to your home directory in order to share it to the web.
By default your home directory should be read accessable by everyone. If apache can't read it, there's a reason for it. Its probably something to do with the way you configured apache with /etc/apache2/httpd.conf.
Please post your httpd.conf file (relevent sections only) and we'll see what we can figure out.
Raydude |
I get a http 403 error.
And the only thing I changed in the httpd.conf file was the DocumentRoot found at the top.. The rest is "by default".. |
Please post the conf file anyway. You have to change more than the document root line for it to work...
The apache logs will help you debug as well...
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Tue May 31, 2005 8:51 pm Post subject: Re: access home dir by http |
|
|
You also have to change the directory:
| Code: | <Directory "/mnt/raid1/www/domain.org/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiV$
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess fil$
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory> |
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
adsmith
Veteran
Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA
|
| Posted: Tue May 31, 2005 8:51 pm Post subject: |
|
|
By the way, I really don't like the security implications of this....
you'll need to do at least "chmod o+rx ~" |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Tue May 31, 2005 8:53 pm Post subject: |
|
|
| adsmith wrote: | By the way, I really don't like the security implications of this....
you'll need to do at least "chmod o+rx ~" |
I thought about that and decided it really doesn't change much as long as he doesn't give the world write permission...
Feels like it could be dangerous though, don't it?
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
adsmith
Veteran
Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA
|
| Posted: Tue May 31, 2005 8:56 pm Post subject: |
|
|
Well, I for one wouldn't want a random web browser finding my gpg and ssh private keys, or my private emails, ...
or any .rc files that might contain a password by poor design (.fetchmailrc) |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Tue May 31, 2005 9:13 pm Post subject: |
|
|
| adsmith wrote: | Well, I for one wouldn't want a random web browser finding my gpg and ssh private keys, or my private emails, ...
or any .rc files that might contain a password by poor design (.fetchmailrc) |
Oh yeah. Or my .thunderbird directory, etc etc etc.
Thanks for reminding me what's in there!
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
jamapii
l33t
Joined: 16 Sep 2004
Posts: 637
|
| Posted: Tue May 31, 2005 10:24 pm Post subject: |
|
|
you might need a <Directory> directive in httpd.conf to allow access:
| Code: | <Directory /home/user>
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
|
|
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Wed Jun 01, 2005 2:00 pm Post subject: |
|
|
the home folder do only contain files uploaded from a special ftp account and the comp. isn't used for anything else then uploading/downloading files.. ^^
there isn't anything I know of else then the uploaded files in that directory. the home folder spoken of is not the home folder of the "regular" user for ssh etc.
but hey, thanks, I'll try changing that... if it doesn't work I'll post the .conf
or if you have anyother solution to the "view uploaded files in a browser without having to move them"-problem you're most welcome!
_________________
---
Mighty |
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Thu Jun 02, 2005 10:27 pm Post subject: |
|
|
| Code: | ### /etc/apache2/conf/apache2.conf
### $Id: apache2.conf,v 1.1 2004/03/22 21:17:57 stuart Exp $
###
### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerRoot /usr/lib/apache2
ServerName KrullServer
#LockFile /etc/apache2/apache2.lock
PidFile /var/run/apache2.pid
ErrorLog logs/error_log
LogLevel warn
DocumentRoot /home/ftp/
### Dynamic Shared Object (DSO) Support
###
### You should always leave these three, as they are needed for normal use.
### mod_access (Order, Allow, etc..)
### mod_log_config (Transferlog, etc..)
### mod_mime (AddType, etc...)
###
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
###
### New Modules for 2.0 (some are experimental)
###
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule echo_module modules/mod_echo.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule case_filter_module modules/mod_case_filter.so
LoadModule case_filter_in_module modules/mod_case_filter_in.so
LoadModule deflate_module modules/mod_deflate.so
#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
#LoadModule bucketeer_module modules/mod_bucketeer.so
LoadModule logio_module modules/mod_logio.so
###
### Global Configuration
###
# Splitting up apache2.conf into two files makes it easier to support
# multiple configurations on the same serer. In commonapache2.conf
# you keep directives that apply to all implementations and in this
# file you keep server-specific directives. While we don't yet have
# multiple configurations out-of-the-box, this allows us to do that
# in the future easily. (PERLPROXIED *ahem*)
#
# For Apache2 we load all conf files in conf/modules.d
Include conf/modules.d/*.conf
Include conf/commonapache2.conf
###
### IP Address/Port
###
#BindAddress *
Listen 80
###
### Log configuration Section
###
<IfModule mod_log_config.c>
#Single logfile with access, agent and referer information
#This is the default, if vlogs are not defined for the main server
CustomLog logs/access_log combined env=!VLOG
#If VLOG is defined in conf/vhosts/vhosts.conf, we use this entry
#CustomLog "|/usr/sbin/apache2splitlogfile" vhost env=VLOG
</IfModule>
###
### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
#Include conf/vhosts/vhosts.conf
#Include conf/vhosts/dynamic-vhosts.conf
#Include conf/vhosts/virtual-homepages.conf
###
### Performance settings Section
###
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
# prefork MPM [THIS IS THE DEFAULT]
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
# perchild MPM
# NumServers: constant number of server processes
# StartThreads: initial number of worker threads in each server process
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# MaxThreadsPerChild: maximum number of worker threads in each server process
# MaxRequestsPerChild: maximum number of connections per server process
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
<Directory /home/ftp>
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
|
This is the whole conf as it looks now.. adding the directory didn't help..
_________________
---
Mighty |
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Sat Jun 04, 2005 12:31 pm Post subject: |
|
|
*bump*
sorry... but I really need help with this..
if I can't change the root of apache to my homefolder, is there any other way I could solve this without having to manually move each file after uploading them to the server?
_________________
---
Mighty |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Sat Jun 04, 2005 6:54 pm Post subject: |
|
|
First off, with my latest experience I remembered an oddity in the new versions of Apache 2 (I'm running 2.0.54-r6). /etc/init.d/apache2 restart DOES NOT WORK. You have to /etc/init.d/apache2 stop and then /etc/init.d/apache2 start, to successfully restart apache. Probably should report this as a bug.
Now on to what I figured out.
I couldn't setup my server to serve only ftp, because it runs my domain, but I did set up a virtual host, and I reccomend you do the same.
First off you need to make sure the ip addy of the apache machine is in all the machines that will be browsing the ftp web site of apache. So edit these machine's host file to include something like this:
| Code: | | ip.addy.of.apache ftp.mydomain.com (you may list other names as well, like www.mydomain.com etc) |
Then, you need to get the default apache configuration back so that you have a known working httpd.conf file. Unless you made a back up, re-emerging apache and doing an etc-update is probably the best way to restore the files.
Then make sure that /etc/apache2/httpd.conf reads in all the conf files from the vhosts directory (this was in my default httpd.conf file).
Then edit the vhosts file: /etc/apache2/vhosts.d/vhosts.conf and make it look something like this:
| Code: | <VirtualHost *:80>
ServerName ftp.mydomain.com
DocumentRoot /home/ftp
<Directory /home/ftp>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
</VirtualHost> |
Next restart apache:
| Code: | /etc/init.d/apache2 stop
/etc/init.d/apache2 start |
Then try browsing ftp.mydomain.com from the other machines, it should work.
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Sat Jun 04, 2005 7:39 pm Post subject: |
|
|
thaaank yooou!
it works.. almost..
I can only view files in that directory, no folders are listed..
How do I fix this?
_________________
---
Mighty |
|
| Back to top |
|
|
Mighty3k
n00b
Joined: 26 Feb 2005
Posts: 49
Location: Sweden
|
| Posted: Sat Jun 04, 2005 7:54 pm Post subject: |
|
|
Nevermind.. the permissions were screwed up.. ^^
however it now works super!
thank you! 
_________________
---
Mighty |
|
| Back to top |
|
|
RayDude
Advocate
Joined: 29 May 2004
Posts: 2094
Location: San Jose, CA
|
| Posted: Sat Jun 04, 2005 8:58 pm Post subject: |
|
|
| Mighty3k wrote: | Nevermind.. the permissions were screwed up.. ^^
however it now works super!
thank you! |
Please add [solved] to the thread title.
Glad its working for you.
Raydude
_________________
Some day there will only be free software. |
|
| Back to top |
|
|
|
Networking & Security
