If it was 770 apache:apache, then root had no access, and root (before processing the User directive) was 'unable' to verify the existence of the child directory without violating the apparent access control (not traditional access control, of course).
On Mon, Jul 22, 2013 at 1:08 PM, Reindl Harald <[email protected]>wrote: > > > Am 22.07.2013 17:01, schrieb William A. Rowe Jr.: > > On Sun, 21 Jul 2013 00:15:45 +0200 > > Reindl Harald <[email protected]> wrote: > >> > >> but why does httpd need CAP_DAC_OVERRIDE while starting initially as > >> root? > >> > >> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID > >> CAP_SETUID Jul 21 00:04:01 srv-rhsoft httpd[8813]: AH00112: Warning: > >> DocumentRoot [/mnt/data/www/www] does not exist Jul 21 00:04:01 > >> srv-rhsoft httpd[8813]: AH00112: Warning: DocumentRoot > >> [/mnt/data/www/private] does not exist > > > > Could one of the parents /mnt .../data .../www offer no other-traverse > > (x) access? If so, these need to be both root and switch-to-user > > traversable and perhaps readable > > *bingo* > > not that way - some had 770 while owner/group apache:apache > so at least questionable why the warning happens anyways > but after change to 775 it is gone > > > >
