On Wed, 7 Apr 2004, Adam W wrote:
> Jobst,
>
> > >
> > > After creating my public_html file in /home/adamw,
> > >
> > > Still getting:
> > >
> > > [Wed Apr 07 19:16:46 2004] [error] [client 192.168.1.101]
> > > (13)Permission
> > > denied: access to /~adamw denied
> >
> >
> > The Apache Server must have access to that DIR!
> >
> > However you can do something like this:
> >
> > /home/adamw -> 0710 -> adamw.apache
> >
> > /home/adamw/public_html -> 0710 -> adamw.apache
>
> I understand that it should. But how do I give it access when
> /home/adamw only gives access to user adamw and it alone. Well how do I
> do this securely/properly?
>
[next message]
> I didn't realise apache needs execute permissions!
> Cheers,
> Adam.
The problem++ is apache doesen't run as root and therefore can't read the
files in the directory. Jobst's answer above is one correct answer only
maybe not explained. The 2 statements below are conflicting:
1) "/home/adamw only gives access to user adamw and it alone"
2) the apache user must have read permission to display html files
One of several options must be taken, here's 2:
1) change the group of the directory
2) put the apache user (httpd,www,apache??) in the user's group
In each case the group will need the 'x' bit set on the directory which
effectively means "can 'cd' to the directory" and also the 'r' bit set on
the directory which means "can 'ls' in the directory". Note that the 'r'
bit need only be set for the lowermost directory eg
drwxr-xr-x root root /home
drwx--x--x adamw adamw /home/adamw
drwxr-x--- adamw apache /home/adamw/public_html
or
drwxr-S--- adamw apache /home/adamw/public_html
First ensures everybody can find & read /home (try chmod o-r /home)
2nd ensures adamw can do anything but everyone else can on 'cd' into it.
3rd ensures adanw can do anything and apache can cd to, and cat files.
The last one ensures the default group of files/dirs written will be
'apache'
Another way to ensure you have it all correct is to temporarily give the
apache user a shell and try to cat the relevant html and execute the
relevant CGI's.
usermod -s /bin/bash apache
su - apache
cd /home/adamw/public_html
cat index.html
./my.cgi {may not work, but at least should run}
exit
usermod -s /sbin/nologin apache
--
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist,
Linux Guru, SLUG Secretary, AUUG and Linux Australia member, Sydney
Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that
refuses to grow up. I'd make a good family pet, take me home today!
Do people actually read these things?
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html