Re: [gentoo-user] USERDIR problem with apache on new install (SOLVED)

2012-09-30 Thread Andrea Conti
Hello,

> I put in a symlink  /home -> /local/allan/gottlieb
> so that programs looking in /home would be happy.
> I had /etc/passwd say /local/allan/gottlieb since it is the real
> directory.
>
> apache doesn't like this.  There is probably an option to let it do this
> since it has several options on symlinks

It's not about liking... mod_userdir automatically maps a URL in the
form ~/foo onto user foo's home dir, as it is recorded in the system's
user database. If you put /local/allan/gottlieb there, apache tries to
serve files directly from /local/allan/gottlieb.

The default mod_userdir configuration
(/etc/apache2/modules.d/00_mod_userdir.conf, of which you pasted an
excerpt in the other email) only sets an Allow from all for
directories in the form /home/*/public_html, which does not include
anything under /local.

You can either change your home directory, or add

<Directory /local/allan/gottlieb>
   Order allow,deny
   Allow from all

   [whatever other options you need]
</Directory>

in the apache config for the virtualhost you're using.

As for the FollowSymlinks and SymlinksIfOwnerMatch options, I'm not
sure they apply here: they should only affect whether the server follows
symlinks *within* the document root, not symlinks in the path *leading
to* the document root.

andrea
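
The mapping described in the message above, as an added example that is not part of the original thread: it builds each user's UserDir path from the passwd home field and checks it against the `<Directory>` patterns that carry `Allow from all`. The passwd entries, the user `alice` and the function names are constructed for illustration, and the matching is a simplified model of Apache's `<Directory>` wildcard rules.

```python
import fnmatch

# Constructed sample data (not from a real system): passwd-style entries
# and the <Directory> patterns that carry "Allow from all".
SAMPLE_PASSWD = """\
gottlieb:x:1000:1000::/local/allan/gottlieb:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
"""
ALLOWED_DIRECTORY_PATTERNS = ["/home/*/public_html"]


def userdir_path(passwd_line, subdir="public_html"):
    """Return (user, path) built as passwd home dir + subdir, with no
    symlink resolution, which is how the thread describes mod_userdir."""
    fields = passwd_line.split(":")
    return fields[0], fields[5].rstrip("/") + "/" + subdir


def directory_covers(pattern, path):
    """Simplified <Directory> match (assumption): a wildcard never crosses
    '/', and a section also applies to everything below the directory."""
    pat = [p for p in pattern.split("/") if p]
    parts = [p for p in path.split("/") if p]
    if len(parts) < len(pat):
        return False
    return all(fnmatch.fnmatchcase(c, g) for c, g in zip(parts, pat))


def audit(passwd_text, patterns):
    """Map each user to True if some allowed pattern covers their UserDir."""
    result = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, path = userdir_path(line)
        result[user] = any(directory_covers(p, path) for p in patterns)
    return result


if __name__ == "__main__":
    for user, ok in audit(SAMPLE_PASSWD, ALLOWED_DIRECTORY_PATTERNS).items():
        verdict = "allowed" if ok else "client denied by server configuration"
        print(f"{user}: {verdict}")
```
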



Re: [gentoo-user] USERDIR problem with apache on new install (SOLVED)

2012-09-30 Thread Allan Gottlieb
On Sun, Sep 30 2012, Andrea Conti wrote:

> The default mod_userdir configuration
> (/etc/apache2/modules.d/00_mod_userdir.conf, of which you pasted an
> excerpt in the other email) only sets an Allow from all for
> directories in the form /home/*/public_html, which does not include
> anything under /local.
>
> You can either change your home directory, or add
>
> <Directory /local/allan/gottlieb>
>    Order allow,deny
>    Allow from all
>
>    [whatever other options you need]
> </Directory>

I see.  I prefer changing my home directory as nothing needs to be done
with new apache releases.

> As for the FollowSymlinks and SymlinksIfOwnerMatch options, I'm not
> sure they apply here: they should only affect whether the server follows
> symlinks *within* the document root, not symlinks in the path *leading
> to* the document root.

OK.

thank you very much for the clear explanations.
allan



[gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Allan Gottlieb
On my new install USERDIR is not working.

When I try http://localhost/~gottlieb, firefox says
  you don't have permission to access /~gottlieb
and the apache error log says
  client denied by server configuration: /local/allan/gottlieb/public_html

The file permissions are ok since both
  file:///home/gottlieb/public_html/index.html and
  file:///home/gottlieb/public_html
work fine.

So I guess I screwed up the apache install, in particular USERDIR.

eix shows userdir (see below)

/etc/conf.d/apache2 has it (see below, diffs = with my working install)

I have restarted apache, shutdown the machine overnight, reinstalled
apache, but still no go.

What step did I foolishly miss?

thanks,
allan



newlap gottlieb # eix -e apache
[I] www-servers/apache
 Available versions:  (2) 2.2.22-r1 [M](~)2.4.2
{{debug doc ldap selinux ssl static suexec threads 
APACHE2_MODULES=actions alias asis auth_basic auth_digest authn_alias 
authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default 
authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi 
cgid charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dumpio env 
expires ext_filter file_cache filter headers ident imagemap include info 
log_config log_forensic logio mem_cache mime mime_magic negotiation proxy 
proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi 
reqtimeout rewrite setenvif speling status substitute unique_id userdir 
usertrack version vhost_alias APACHE2_MPMS=event itk peruser prefork worker}}
 Installed versions:  2.2.22-r1(2)(10:23:21 PM 09/28/2012)(ldap ssl -debug 
-doc -selinux -static -suexec -threads APACHE2_MODULES=actions alias 
auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm 
authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache 
cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter 
file_cache filter headers include info log_config logio mem_cache mime 
mime_magic negotiation rewrite setenvif speling status unique_id userdir 
usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta -charset_lite 
-dbd -dumpio -ident -imagemap -log_forensic -proxy -proxy_ajp -proxy_balancer 
-proxy_connect -proxy_ftp -proxy_http -proxy_scgi -reqtimeout -substitute 
-version APACHE2_MPMS=-event -itk -peruser -prefork -worker)
 Homepage:http://httpd.apache.org/
 Description: The Apache Web Server.


newlap gottlieb # cat /etc/conf.d/apache2
# /etc/conf.d/apache2: config file for /etc/init.d/apache2

# ajg: Added support for USERDIR, i.e., ~/public_html

# When you install a module it is easy to activate or deactivate the modules
# and other features of apache using the APACHE2_OPTS line. Every module should
# install a configuration in /etc/apache2/modules.d. In that file will be an
# IfDefine NNN directive where NNN is the option to enable that module.
#
# Here are the options available in the default configuration:
#
#  AUTH_DIGEST  Enables mod_auth_digest
#  AUTHNZ_LDAP  Enables authentication through mod_ldap (available if USE=ldap)
#  CACHE        Enables mod_cache
#  DAV          Enables mod_dav
#  ERRORDOCS    Enables default error documents for many languages.
#  INFO         Enables mod_info, a useful module for debugging
#  LANGUAGE     Enables content-negotiation based on language and charset.
#  LDAP         Enables mod_ldap (available if USE=ldap)
#  MANUAL       Enables /manual/ to be the apache manual (available if USE=docs)
#  MEM_CACHE    Enables default configuration mod_mem_cache
#  PROXY        Enables mod_proxy
#  SSL          Enables SSL (available if USE=ssl)
#  STATUS       Enabled mod_status, a useful module for statistics
#  SUEXEC       Enables running CGI scripts (in USERDIR) through suexec.
#  USERDIR      Enables /~username mapping to /home/username/public_html
#
#
# The following two options provide the default virtual host for the HTTP and
# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
# will not listen for incomming connections on the approriate port.
#
#  DEFAULT_VHOST  Enables name-based virtual hosts, with the default
# virtual host being in /var/www/localhost/htdocs
#  SSL_DEFAULT_VHOST  Enables default vhost for SSL (you should enable this
# when you enable SSL)
#
APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"

# Extended options for advanced uses of Apache ONLY
# You don't need to edit these unless you are doing crazy Apache stuff
# As not having them set correctly, or feeding in an incorrect configuration
# via them will result in Apache failing to start
# YOU HAVE BEEN WARNED.

# PID file
#PIDFILE=/var/run/apache2.pid

# timeout for startup/shutdown checks
#TIMEOUT=10

# ServerRoot setting
#SERVERROOT=/usr/lib64/apache2

# Configuration file location

Re: [gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Michael Hampicke
On 29.09.2012 17:08, Allan Gottlieb wrote:
> On my new install USERDIR is not working.
>
> When I try http://localhost/~gottlieb, firefox says
>   you don't have permission to access /~gottlieb
> and the apache error log says
>   client denied by server configuration: /local/allan/gottlieb/public_html
>
> The file permissions are ok since both
>   file:///home/gottlieb/public_html/index.html and
>   file:///home/gottlieb/public_html
> work fine.

I am sure your user has access to the files - thus allowing you to
browse them locally (file:///) - but does apache (more precisely the
system user 'apache') have access to these files?

Have you tried this:

# sudo -u apache cat /home/gottlieb/public_html/index.html



Re: [gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Allan Gottlieb
On Sat, Sep 29 2012, Michael Hampicke wrote:

> On 29.09.2012 17:08, Allan Gottlieb wrote:
>> On my new install USERDIR is not working.
>>
>> When I try http://localhost/~gottlieb, firefox says
>>   you don't have permission to access /~gottlieb
>> and the apache error log says
>>   client denied by server configuration: /local/allan/gottlieb/public_html
>>
>> The file permissions are ok since both
>>   file:///home/gottlieb/public_html/index.html and
>>   file:///home/gottlieb/public_html
>> work fine.
>
> I am sure your user has access to the files - thus allowing you to
> browse them locally (file:///) - but does apache (more precisely the
> system user 'apache') have access to these files?
>
> Have you tried this:
>
> # sudo -u apache cat /home/gottlieb/public_html/index.html

I just did and the file appears on the screen.
Also I checked the permissions of
/ /home /home/gottlieb /home/gottlieb and /home/gottlieb/public_html

newlap local # ls -ld / /home /home/gottlieb
drwxr-xr-x 23 root root 4096 Sep 27 23:47 /
drwxr-xr-x  2 root root 4096 Sep 24 13:58 /home
lrwxrwxrwx  1 root root   21 Sep 24 13:58 /home/gottlieb -> /local/allan/gottlieb
newlap local # ls -ld /local/allan/gottlieb /local/allan/gottlieb/public_html/
drwxr-xr-x 41 gottlieb gottlieb 4096 Sep 29 12:42 /local/allan/gottlieb
drwxr-xr-x 23 gottlieb gottlieb 4096 Sep 24 14:29 /local/allan/gottlieb/public_html/
newlap local # 

I'm still looking.  Let me know if you think of something else.

thanks,
allan



Re: [gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Neil Bothwick
On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:

> When I try http://localhost/~gottlieb, firefox says
>   you don't have permission to access /~gottlieb
> and the apache error log says
>   client denied by server
> configuration: /local/allan/gottlieb/public_html
>
> The file permissions are ok since both
>   file:///home/gottlieb/public_html/index.html and
>   file:///home/gottlieb/public_html
> work fine.

It's not file permissions, the error message says server configuration,
probably some Allow/Deny magic.


-- 
Neil Bothwick

Why is the word abbreviation so long?




Re: [gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Michael Hampicke
On 29.09.2012 19:52, Neil Bothwick wrote:
> On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:
>
>> When I try http://localhost/~gottlieb, firefox says
>>   you don't have permission to access /~gottlieb
>> and the apache error log says
>>   client denied by server
>> configuration: /local/allan/gottlieb/public_html
>>
>> The file permissions are ok since both
>>   file:///home/gottlieb/public_html/index.html and
>>   file:///home/gottlieb/public_html
>> work fine.
>
> It's not file permissions, the error message says server configuration,
> probably some Allow/Deny magic.

Yeah, now I see it:

client denied by server configuration:

/local/allan/gottlieb/public_html

The file permissions are ok since both
file:///home/gottlieb/public_html/index.html

So there's /local/allan vs /home/gottlieb

If you correct the DocumentRoot it will work :)



Re: [gentoo-user] USERDIR problem with apache on new install

2012-09-29 Thread Allan Gottlieb
On Sat, Sep 29 2012, Michael Hampicke wrote:

> On 29.09.2012 19:52, Neil Bothwick wrote:
>> On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:
>>
>>> When I try http://localhost/~gottlieb, firefox says
>>>   you don't have permission to access /~gottlieb
>>> and the apache error log says
>>>   client denied by server
>>> configuration: /local/allan/gottlieb/public_html
>>>
>>> The file permissions are ok since both
>>>   file:///home/gottlieb/public_html/index.html and
>>>   file:///home/gottlieb/public_html
>>> work fine.
>>
>> It's not file permissions, the error message says server configuration,
>> probably some Allow/Deny magic.
>
> Yeah, now I see it:
>
> client denied by server configuration:
>
>   /local/allan/gottlieb/public_html
>
> The file permissions are ok since both
>   file:///home/gottlieb/public_html/index.html
>
> So there's /local/allan vs /home/gottlieb
>
> If you correct the DocumentRoot it will work :)

I don't understand what is wrong with DocumentRoot.  It is unchanged at
/var/www/localhost/htdocs and accessing http://localhost works fine.

/etc/conf.d/apache says
#  USERDIR  Enables /~username mapping to /home/username/public_html

So /~gottlieb --> /home/gottlieb/public_html

/home/gottlieb -> /local/allan/gottlieb

and all directories in both paths have permissions = 555

I know a symlink /home/gottlieb -> /local/allan/gottlieb is OK
for apache since my current install has

/home/gottlieb -> /allan/gottlieb/allan -> /local/allan
and everything works.

I agree with neil that it is probably allow/deny, but I don't see any
differences between my old and new (both are pretty much stock).
The new is essentially unchanged from the emerged package (added USERDIR
to /etc/conf.d/apache2) and I have diff'ed old with new and they seem the
same.  There must be some place I haven't looked.

I appreciate all the effort.
allan gottlieb




Re: [gentoo-user] USERDIR problem with apache on new install (SOLVED)

2012-09-29 Thread Allan Gottlieb
On Sat, Sep 29 2012, Allan Gottlieb wrote:

> On my new install USERDIR is not working.
>
> When I try http://localhost/~gottlieb, firefox says
>   you don't have permission to access /~gottlieb
> and the apache error log says
>   client denied by server configuration: /local/allan/gottlieb/public_html
>
> The file permissions are ok since both
>   file:///home/gottlieb/public_html/index.html and
>   file:///home/gottlieb/public_html
> work fine.
>
> So I guess I screwed up the apache install, in particular USERDIR.
>
> eix shows userdir (see below)
>
> /etc/conf.d/apache2 has it (see below, diffs = with my working install)
>
> I have restarted apache, shutdown the machine overnight, reinstalled
> apache, but still no go.
>
> What step did I foolishly miss?
>
> thanks,
> allan

Finally!  I have a filesystem mounted on /local for my local files
including my home directory /local/allan/gottlieb.
I put in a symlink  /home -> /local/allan/gottlieb
so that programs looking in /home would be happy.
I had /etc/passwd say /local/allan/gottlieb since it is the real
directory.

apache doesn't like this.  There is probably an option to let it do this
since it has several options on symlinks

However I simply changed /etc/passwd to say /home/gottlieb and apache
is happy.

allan



Re: [gentoo-user] USERDIR problem with apache on new install (SOLVED)

2012-09-29 Thread Michael Hampicke
On 29.09.2012 23:59, Allan Gottlieb wrote:
> On Sat, Sep 29 2012, Allan Gottlieb wrote:
>
>> On my new install USERDIR is not working.
>>
>> When I try http://localhost/~gottlieb, firefox says
>>   you don't have permission to access /~gottlieb
>> and the apache error log says
>>   client denied by server configuration: /local/allan/gottlieb/public_html
>>
>> The file permissions are ok since both
>>   file:///home/gottlieb/public_html/index.html and
>>   file:///home/gottlieb/public_html
>> work fine.
>>
>> So I guess I screwed up the apache install, in particular USERDIR.
>>
>> eix shows userdir (see below)
>>
>> /etc/conf.d/apache2 has it (see below, diffs = with my working install)
>>
>> I have restarted apache, shutdown the machine overnight, reinstalled
>> apache, but still no go.
>>
>> What step did I foolishly miss?
>>
>> thanks,
>> allan
>
> Finally!  I have a filesystem mounted on /local for my local files
> including my home directory /local/allan/gottlieb.
> I put in a symlink  /home -> /local/allan/gottlieb
> so that programs looking in /home would be happy.
> I had /etc/passwd say /local/allan/gottlieb since it is the real
> directory.
>
> apache doesn't like this.  There is probably an option to let it do this
> since it has several options on symlinks
>
> However I simply changed /etc/passwd to say /home/gottlieb and apache
> is happy.
>
> allan

There's an option called FollowSymlinks which you can set per directory
to allow apache to... yeah, follow symlinks :)

Look for FollowSymlinks on http://httpd.apache.org/docs/2.2/mod/core.html



Re: [gentoo-user] USERDIR problem with apache on new install (SOLVED)

2012-09-29 Thread Allan Gottlieb
On Sat, Sep 29 2012, Michael Hampicke wrote:

> On 29.09.2012 23:59, Allan Gottlieb wrote:
>> On Sat, Sep 29 2012, Allan Gottlieb wrote:
>>
>>> On my new install USERDIR is not working.
>>>
>>> When I try http://localhost/~gottlieb, firefox says
>>>   you don't have permission to access /~gottlieb
>>> and the apache error log says
>>>   client denied by server configuration: /local/allan/gottlieb/public_html
>>>
>>> The file permissions are ok since both
>>>   file:///home/gottlieb/public_html/index.html and
>>>   file:///home/gottlieb/public_html
>>> work fine.
>>>
>>> So I guess I screwed up the apache install, in particular USERDIR.
>>>
>>> eix shows userdir (see below)
>>>
>>> /etc/conf.d/apache2 has it (see below, diffs = with my working install)
>>>
>>> I have restarted apache, shutdown the machine overnight, reinstalled
>>> apache, but still no go.
>>>
>>> What step did I foolishly miss?
>>>
>>> thanks,
>>> allan
>>
>> Finally!  I have a filesystem mounted on /local for my local files
>> including my home directory /local/allan/gottlieb.
>> I put in a symlink  /home -> /local/allan/gottlieb
>> so that programs looking in /home would be happy.
>> I had /etc/passwd say /local/allan/gottlieb since it is the real
>> directory.
>>
>> apache doesn't like this.  There is probably an option to let it do this
>> since it has several options on symlinks
>>
>> However I simply changed /etc/passwd to say /home/gottlieb and apache
>> is happy.
>>
>> allan
>
> There's an option called FollowSymlinks which you can set per directory
> to allow apache to... yeah, follow symlinks :)
>
> Look for FollowSymlinks on http://httpd.apache.org/docs/2.2/mod/core.html

Yes.  It was seeing that option that triggered me to believe symlinks
could have been the problem.  It was easier to eliminate the one from
the official home dir to the real home dir than to understand if the
option would help.  My lack of confidence was because the place I found
the option, it was turned on.

# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

It looked to me that I was the owner and the follower.  But as I said it
seemed easier to eliminate the problematic symlink than to figure out
where and when to set the option.  Perhaps just changing
SymLinksIfOwnerMatch to FollowSymlinks would have done it.

allan