Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Forbidden error using mod_userdir.c

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


fchan at molsci

Nov 16, 2007, 3:22 PM

Post #1 of 3 (134 views)
Permalink
Forbidden error using mod_userdir.c
Hello,
I have interesting issue with mod_userdir.c to allow users to show
their websites from their directories. I'm running RHL5 with httpd
server 2.2.6 and SELinux is in permissive mode. These directories are
symbolic links to NFS mount but I thought SymLinks would allow this.
I have rebooted the server and this still happens. The links are
readable by everyone and I though I had the permissions correct.

Here is a excerpt of my httpd.conf:

<IfModule mod_userdir.c>
UserDir nfsmount/public_html
</IfModule>

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/nfsmount/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

Here is an excerpt from my error_log from httpd:
[error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to
/~username/ denied
[error] [client xxx.xxx.xxx.xxx] Symbolic link not allowed or link
target not accessible: /home/username/nucleus

Is there something I'm missing here?

Thank you,
Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


joshua at slive

Nov 16, 2007, 4:41 PM

Post #2 of 3 (138 views)
Permalink
Re: Forbidden error using mod_userdir.c [In reply to]
On Nov 16, 2007 6:22 PM, fchan <fchan[at]molsci.org> wrote:

>
> Here is an excerpt from my error_log from httpd:
> [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to
> /~username/ denied
> [error] [client xxx.xxx.xxx.xxx] Symbolic link not allowed or link
> target not accessible: /home/username/nucleus

The User/Group specified in httpd.conf must have read permissions on
the file and search (+x) permissions on the directory where the file
is located AND ALL PARENT DIRECTORIES to that directory.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


jslive at gmail

Nov 16, 2007, 5:15 PM

Post #3 of 3 (141 views)
Permalink
Re: Forbidden error using mod_userdir.c [In reply to]
[Please keep your messages on the list.]

On Nov 16, 2007 8:10 PM, fchan <fchan[at]molsci.org> wrote:
> Hi Joshua,
> I have rwxr-xr-x on /home and the user's directory. The symbolic link
> to the nfs mount is rwxrwxrwx in the user's directory.
>
> Actually I copied these settings from my original server that working
> before but the old system was running httpd 1.3 server on old RHL 9.0
> system.
> Any other permission ideas?

You need to check all the parent directories of the link TARGET.

This is a unix permissions issue, it has nothing to do with httpd
configuration or version.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.