Re: [SLUG] Apache vhost permission denied 403 208

Sun, 23 Nov 2003 20:11:41 -0800

Voytek wrote: 
I'm having trouble setting a vhost on Apache, and,, I just don't seem to be
able to find what's causing Apache to return " 'Forbidden
You don't have permission to access /index.phtml on this server.'

looking at the log for the vhost, it says:

...."GET /index .phtml HTTP/1.0" 403 209 "-" "...

the httpd docs are:

# ls -l
drwxr-xr-x    2 digiprin digiprin     4096 Oct 23 22:26 docs
-rw-r--r--    1 digiprin digiprin      929 May 26  2000 error404.html
-rw-r--r--    1 digiprin digiprin     1228 Feb  1  2000 form.html
-rw-r--r--    1 digiprin digiprin      754 Oct 23 22:04 index.phtml
-rw-rw-rw-    1 digiprin digiprin      303 May 26  2000 robots.txt
-rw-rw-rw-    1 digiprin digiprin      929 May 26  2000 test.html


I marked the robots.txt as -rw-rw-rw-, and, still can not access it in
browser, log gives:

"GET /robots.txt HTTP/1.0" 403 208 "GET /test.html HTTP/1.0" 403 207

I looked at my working vhosts, and, I just can't spot what I screwed up...

Voytek Eymont

Apache usually runs as "www-data" or "apache" etc. Make sure the user that apache runs as (or the group it is a member of) has 0775 permissions to the PARENT of the vhost root directory. That is, if your directory structure looks like this:

/var
  |-- /www
        |-- /voytek_vhost
              |-- index.phtml
              |-- form.html
              |-- ...etc...

The permissions need to be set like this (assuming apache runs as "www-data")

Dir/File                      Owner     Group       Octal Perm.
/var (*)                      root      root        0775
/var/www                      www-data  html-users  0775
/var/www/voytek_vhost            "          "       0775
/../voytek_vhost/index.phtml     "          "       0664
/../voytek_vhost/docs            "          "       0775

(*) - DO NOT change the permissions of /var unless the "other" permissions restrict access to non-root users. If /var is drwxrwx--- then "chmod o+rx /var" so it's READ-ONLY. Of course if your vhost root is somewhere else, you'll have to figure it out for yourself :)

Basically, you want the directories 0775 and the files 0664 with the appropriate ownership etc. This is NOT a particularly secure way to do things but it will get it working. Consider tightening up the owner/group/other permissions once things are working.

HTH.

--James

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Reply via email to