subject:"\[users@httpd\] httpd 2.4.25\-1.fc25 avoiding search permission errors across file systems Fedora 25 linux"

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-07 Thread Robert Moskowitz

Yes,  We really want the protection afforded our servers with SELInux, 
but then there are all these policies to apply when we need to open 
things up some.


Very challenging for sure.

On 03/06/2017 09:16 AM, David B Snyder wrote:

Thanks, this seems to have worked!

I guess I need to learn about SELinux now. :)


On 03/05/2017 06:04 PM, Robert Moskowitz wrote:

Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /diretory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 
25 Linux

 system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the 
mounted file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] 
(13)Permission denied: [client ::1:50084] AH00035: access to 
/local/index.html denied (filesystem path '/home/snyder/index.html') 
because search permissions are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and 
execute

drwxr-xr-x.  14 root   root4096 Feb  3 09:51 /mnt #this works

drwxr-xr-x. 6 root root  4096 Mar  4 15:55 /mnt/Workspace #does not 
work

drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home #does not work

From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open 
directory for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25 @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, But 
I think I

should not have to :).

Thanks for any advice

-David Snyder






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-06 Thread David B Snyder


Thanks, this seems to have worked!

I guess I need to learn about SELinux now. :)


On 03/05/2017 06:04 PM, Robert Moskowitz wrote:

Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /diretory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 
25 Linux

 system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the 
mounted file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] 
(13)Permission denied: [client ::1:50084] AH00035: access to 
/local/index.html denied (filesystem path '/home/snyder/index.html') 
because search permissions are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and 
execute

drwxr-xr-x.  14 root   root4096 Feb  3 09:51 /mnt #this works

drwxr-xr-x. 6 root root  4096 Mar  4 15:55 /mnt/Workspace  #does not 
work

drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home #does not work

From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open 
directory for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25   @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, But I 
think I

should not have to :).

Thanks for any advice

-David Snyder






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




--
dbsnyder471 (at) gmail.com


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-05 Thread David B Snyder


I have tried.

I don't have iname,so I have tried setting up each directory.

/ works (gets the directory listing)

/mnt works

/mnt/Workspace doesn't work 403 Forbidden, yet I see no difference in 
the permissions, they are all r-x for group and world.  That is where it 
crosses file systems.



On 03/05/2017 05:59 PM, Eric Covener wrote:

On Sun, Mar 5, 2017 at 5:48 PM, David B Snyder  wrote:

Thanks for any advice

You need to check every component of the path, such as the output of
namei -m /mnt/Workspace/snyder/www/index.html





--
dbsnyder471 (at) gmail.com


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-05 Thread Robert Moskowitz


Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /diretory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 25 
Linux

 system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted 
file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions are 
missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] 
(13)Permission denied: [client ::1:50084] AH00035: access to 
/local/index.html denied (filesystem path '/home/snyder/index.html') 
because search permissions are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and 
execute

drwxr-xr-x.  14 root   root4096 Feb  3 09:51 /mnt #this works

drwxr-xr-x. 6 root root  4096 Mar  4 15:55 /mnt/Workspace  #does not work
drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home  #does not 
work


From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions are 
missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open 
directory for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25   @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, But I 
think I

should not have to :).

Thanks for any advice

-David Snyder






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-05 Thread Eric Covener

On Sun, Mar 5, 2017 at 5:48 PM, David B Snyder  wrote:
> Thanks for any advice

You need to check every component of the path, such as the output of
namei -m /mnt/Workspace/snyder/www/index.html



-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-05 Thread David B Snyder


I am trying to set up httpd across several file systems on a Fedora 25 Linux
 system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted 
file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission 
denied: [client ::1:50082] AH00035: access to /snyder/index.html denied 
(filesystem path '/mnt/Workspace/snyder/www/index.html') because search 
permissions are missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission 
denied: [client ::1:50084] AH00035: access to /local/index.html denied 
(filesystem path '/home/snyder/index.html') because search permissions 
are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and execute
drwxr-xr-x.  14 root   root4096 Feb  3 09:51 /mnt #this works

drwxr-xr-x. 6 root root  4096 Mar  4 15:55 /mnt/Workspace  #does not work
drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home  #does not work

From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission 
denied: [client ::1:50082] AH00035: access to /snyder/index.html denied 
(filesystem path '/mnt/Workspace/snyder/www/index.html') because search 
permissions are missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open directory 
for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25   @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, But I 
think I

should not have to :).

Thanks for any advice

-David Snyder



--
dbsnyder471 (at) gmail.com
H:440.892.0192


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

[users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

6 matches

Site Navigation

Mail list logo

Footer information