Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
Yes, We really want the protection afforded our servers with SELInux, but then there are all these policies to apply when we need to open things up some. Very challenging for sure. On 03/06/2017 09:16 AM, David B Snyder wrote: Thanks, this seems to have worked! I guess I need to learn about SELinux now. :) On 03/05/2017 06:04 PM, Robert Moskowitz wrote: Are you running SELinux? Have you done the needed: chcon -R -t httpd_sys_content_rw_t /diretory commands? On 03/05/2017 05:48 PM, David B Snyder wrote: I am trying to set up httpd across several file systems on a Fedora 25 Linux system, and I'm doing something wrong. I haven't succeeded in getting httpd to serve pages across the mounted file systems. example errors: [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission denied: [client ::1:50084] AH00035: access to /local/index.html denied (filesystem path '/home/snyder/index.html') because search permissions are missing on a component of the path As far as I can tell, the permissions are correct, allowing read and execute drwxr-xr-x. 14 root root4096 Feb 3 09:51 /mnt #this works drwxr-xr-x. 6 root root 4096 Mar 4 15:55 /mnt/Workspace #does not work drwxr-xr-x. 9 snyder snyder 4096 Dec 9 10:31 /home #does not work From httpd.conf: ... Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted alias /local/ /home/snyder/ alias /mnt/ /mnt/ alias /snyder/ /mnt/Workspace/snyder/www/ ... From my browser [Firefox] 'localhost' displays the index.html 'localhost/mnt/' produces a directory listing, however clicking on the Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n You don't have permission to access /mnt/Workspace/ on this server." 'localhost/local/' produces a similar 403 "Forbidden" message. The error_log messages are [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] (13)Permission denied: [client ::1:50688] AH01275: Can't open directory for index: /mnt/Workspace/, referer: http://localhost/mnt/ from /etc/mtab: /dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0 /dev/mapper/fedora_snydercpu-home /home ext4 rw,seclabel,relatime,data=ordered 0 0 I'm running Fedora 25 with httpd.x86_64 2.4.25-1.fc25 @updates httpd-filesystem.noarch 2.4.25-1.fc25 @updates httpd-manual.noarch 2.4.25-1.fc25 @updates httpd-tools.x86_64 2.4.25-1.fc25 @updates I suppose I could work exclusively within the root file system, But I think I should not have to :). Thanks for any advice -David Snyder - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
Thanks, this seems to have worked! I guess I need to learn about SELinux now. :) On 03/05/2017 06:04 PM, Robert Moskowitz wrote: Are you running SELinux? Have you done the needed: chcon -R -t httpd_sys_content_rw_t /diretory commands? On 03/05/2017 05:48 PM, David B Snyder wrote: I am trying to set up httpd across several file systems on a Fedora 25 Linux system, and I'm doing something wrong. I haven't succeeded in getting httpd to serve pages across the mounted file systems. example errors: [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission denied: [client ::1:50084] AH00035: access to /local/index.html denied (filesystem path '/home/snyder/index.html') because search permissions are missing on a component of the path As far as I can tell, the permissions are correct, allowing read and execute drwxr-xr-x. 14 root root4096 Feb 3 09:51 /mnt #this works drwxr-xr-x. 6 root root 4096 Mar 4 15:55 /mnt/Workspace #does not work drwxr-xr-x. 9 snyder snyder 4096 Dec 9 10:31 /home #does not work From httpd.conf: ... Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted alias /local/ /home/snyder/ alias /mnt/ /mnt/ alias /snyder/ /mnt/Workspace/snyder/www/ ... From my browser [Firefox] 'localhost' displays the index.html 'localhost/mnt/' produces a directory listing, however clicking on the Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n You don't have permission to access /mnt/Workspace/ on this server." 'localhost/local/' produces a similar 403 "Forbidden" message. The error_log messages are [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] (13)Permission denied: [client ::1:50688] AH01275: Can't open directory for index: /mnt/Workspace/, referer: http://localhost/mnt/ from /etc/mtab: /dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0 /dev/mapper/fedora_snydercpu-home /home ext4 rw,seclabel,relatime,data=ordered 0 0 I'm running Fedora 25 with httpd.x86_64 2.4.25-1.fc25 @updates httpd-filesystem.noarch 2.4.25-1.fc25 @updates httpd-manual.noarch 2.4.25-1.fc25 @updates httpd-tools.x86_64 2.4.25-1.fc25 @updates I suppose I could work exclusively within the root file system, But I think I should not have to :). Thanks for any advice -David Snyder - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- dbsnyder471 (at) gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
I have tried. I don't have iname,so I have tried setting up each directory. / works (gets the directory listing) /mnt works /mnt/Workspace doesn't work 403 Forbidden, yet I see no difference in the permissions, they are all r-x for group and world. That is where it crosses file systems. On 03/05/2017 05:59 PM, Eric Covener wrote: On Sun, Mar 5, 2017 at 5:48 PM, David B Snyderwrote: Thanks for any advice You need to check every component of the path, such as the output of namei -m /mnt/Workspace/snyder/www/index.html -- dbsnyder471 (at) gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
Are you running SELinux? Have you done the needed: chcon -R -t httpd_sys_content_rw_t /diretory commands? On 03/05/2017 05:48 PM, David B Snyder wrote: I am trying to set up httpd across several file systems on a Fedora 25 Linux system, and I'm doing something wrong. I haven't succeeded in getting httpd to serve pages across the mounted file systems. example errors: [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission denied: [client ::1:50084] AH00035: access to /local/index.html denied (filesystem path '/home/snyder/index.html') because search permissions are missing on a component of the path As far as I can tell, the permissions are correct, allowing read and execute drwxr-xr-x. 14 root root4096 Feb 3 09:51 /mnt #this works drwxr-xr-x. 6 root root 4096 Mar 4 15:55 /mnt/Workspace #does not work drwxr-xr-x. 9 snyder snyder 4096 Dec 9 10:31 /home #does not work From httpd.conf: ... Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted alias /local/ /home/snyder/ alias /mnt/ /mnt/ alias /snyder/ /mnt/Workspace/snyder/www/ ... From my browser [Firefox] 'localhost' displays the index.html 'localhost/mnt/' produces a directory listing, however clicking on the Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n You don't have permission to access /mnt/Workspace/ on this server." 'localhost/local/' produces a similar 403 "Forbidden" message. The error_log messages are [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] (13)Permission denied: [client ::1:50688] AH01275: Can't open directory for index: /mnt/Workspace/, referer: http://localhost/mnt/ from /etc/mtab: /dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0 /dev/mapper/fedora_snydercpu-home /home ext4 rw,seclabel,relatime,data=ordered 0 0 I'm running Fedora 25 with httpd.x86_64 2.4.25-1.fc25 @updates httpd-filesystem.noarch 2.4.25-1.fc25 @updates httpd-manual.noarch 2.4.25-1.fc25 @updates httpd-tools.x86_64 2.4.25-1.fc25 @updates I suppose I could work exclusively within the root file system, But I think I should not have to :). Thanks for any advice -David Snyder - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
On Sun, Mar 5, 2017 at 5:48 PM, David B Snyderwrote: > Thanks for any advice You need to check every component of the path, such as the output of namei -m /mnt/Workspace/snyder/www/index.html -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux
I am trying to set up httpd across several file systems on a Fedora 25 Linux system, and I'm doing something wrong. I haven't succeeded in getting httpd to serve pages across the mounted file systems. example errors: [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission denied: [client ::1:50084] AH00035: access to /local/index.html denied (filesystem path '/home/snyder/index.html') because search permissions are missing on a component of the path As far as I can tell, the permissions are correct, allowing read and execute drwxr-xr-x. 14 root root4096 Feb 3 09:51 /mnt #this works drwxr-xr-x. 6 root root 4096 Mar 4 15:55 /mnt/Workspace #does not work drwxr-xr-x. 9 snyder snyder 4096 Dec 9 10:31 /home #does not work From httpd.conf: ... Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted Options Indexes FollowSymLinks AllowOverride None # Allow open access: Require all granted alias /local/ /home/snyder/ alias /mnt/ /mnt/ alias /snyder/ /mnt/Workspace/snyder/www/ ... From my browser [Firefox] 'localhost' displays the index.html 'localhost/mnt/' produces a directory listing, however clicking on the Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n You don't have permission to access /mnt/Workspace/ on this server." 'localhost/local/' produces a similar 403 "Forbidden" message. The error_log messages are [Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission denied: [client ::1:50082] AH00035: access to /snyder/index.html denied (filesystem path '/mnt/Workspace/snyder/www/index.html') because search permissions are missing on a component of the path [Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] (13)Permission denied: [client ::1:50688] AH01275: Can't open directory for index: /mnt/Workspace/, referer: http://localhost/mnt/ from /etc/mtab: /dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0 /dev/mapper/fedora_snydercpu-home /home ext4 rw,seclabel,relatime,data=ordered 0 0 I'm running Fedora 25 with httpd.x86_64 2.4.25-1.fc25 @updates httpd-filesystem.noarch 2.4.25-1.fc25 @updates httpd-manual.noarch 2.4.25-1.fc25 @updates httpd-tools.x86_64 2.4.25-1.fc25 @updates I suppose I could work exclusively within the root file system, But I think I should not have to :). Thanks for any advice -David Snyder -- dbsnyder471 (at) gmail.com H:440.892.0192 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org