On Wed, 7 Apr 2004, Adam W wrote:

> Jobst,
> 
> > > 
> > > After creating my public_html file in /home/adamw,
> > > 
> > > Still getting:
> > > 
> > > [Wed Apr 07 19:16:46 2004] [error] [client 192.168.1.101] 
> > > (13)Permission
> > > denied: access to /~adamw denied
> > 
> > 
> > The Apache Server must have access to that DIR!
> > 
> > However you can do something like this:
> > 
> >   /home/adamw -> 0710 -> adamw.apache
> > 
> >   /home/adamw/public_html -> 0710 -> adamw.apache
> 
> I understand that it should. But how do I give it access when
> /home/adamw only gives access to user adamw and it alone. Well how do I
> do this securely/properly?
> 
[next message]
> I didn't realise apache needs execute permissions!
> Cheers,
> Adam.

The problem++ is apache doesen't run as root and therefore can't read the
files in the directory. Jobst's answer above is one correct answer only
maybe not explained. The 2 statements below are conflicting:
1) "/home/adamw only gives access to user adamw and it alone"
2) the apache user must have read permission to display html files
One of several options must be taken, here's 2:
1) change the group of the directory
2) put the apache user (httpd,www,apache??) in the user's group 
In each case the group will need the 'x' bit set on the directory which 
effectively means "can 'cd' to the directory" and also the 'r' bit set on 
the directory which means "can 'ls' in the directory". Note that the 'r' 
bit need only be set for the lowermost directory eg 

drwxr-xr-x      root    root    /home
drwx--x--x      adamw   adamw   /home/adamw
drwxr-x---      adamw   apache  /home/adamw/public_html
or
drwxr-S---      adamw   apache  /home/adamw/public_html
First ensures everybody can find & read /home (try chmod o-r /home)
2nd ensures adamw can do anything but everyone else can on 'cd' into it.
3rd ensures adanw can do anything and apache can cd to, and cat files.
The last one ensures the default group of files/dirs written will be 
'apache'

Another way to ensure you have it all correct is to temporarily give the 
apache user a shell and try to cat the relevant html and execute the 
relevant CGI's.

usermod -s /bin/bash apache
su - apache
cd /home/adamw/public_html
cat index.html
./my.cgi        {may not work, but at least should run}
exit
usermod -s /sbin/nologin apache

 -- 
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, 
Linux Guru, SLUG Secretary, AUUG and Linux Australia member, Sydney 
Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that 
refuses to grow up. I'd make a good family pet, take me home today!
        Do people actually read these things?



-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Reply via email to