On 07/03/2013 12:40 PM, Isenhower, Dave wrote:
> Hi,
>
> I have an htpasswd file that I want to have locked down so that it cannot
> be read on the filesystem by anyone other than the owner and Apache. Apache
> is version 2.2.3 running on RedHat Linux 5.9.
>
> The permissions I have set are as follows:
>
> drwxr-xr-x 6 root root 4096 May 7 10:19 /www
> drwxrwxr-x 3 webowner apache 4096 May 7 10:03 /www/etc
> drwxrwxr-x 4 webowner apache 4096 Jun 7 18:01 /www/etc/apache
> drwxrwx--- 6 webowner apache 4096 Jun 7 18:01 /www/etc/apache/config
> -rw-rw---- 1 webowner apache 123 Jun 7 18:01 /www/etc/apache/config/htpasswd
>
> The httpd server starts as root and runs under the apache account as a member
> of the apache group. Under this permission structure, the web server will
> prompt the user for authentication, but throws an internal server error after
> the attempted login.
>
> The error log shows this:
>
> [Wed Jul 03 10:58:12 2013] [error] [client 127.0.0.1] (13)Permission denied: Could not open password file: /www/etc/apache/config/htpasswd
> [Wed Jul 03 10:58:12 2013] [crit] [client 127.0.0.1] configuration error: couldn't check user. No user file?: /restricted/testfile.html
>
> If I give read access to others on htpasswd (chmod o+r) and the config
> directory (chmod o+rx), there's no more internal server error. Changing the
> owner from webowner to apache also resolves the issue. However, neither of
> these options meets my needs in terms of file-security.
>
> I'm stumped and would appreciate any help.
>
> Thanks,
> Dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>

Are you using SELinux?
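An added example, not part of either message: a Python check of the owner/group/other mode bits along the path in the quoted listing, for a given process identity. The function names are hypothetical, the identities passed in are assumptions, and it models mode bits only (no ACLs, no SELinux), so a path it passes can still be denied by another layer.

```python
# Listing copied from the quoted message (one path component per line).
LISTING = """\
drwxr-xr-x 6 root root 4096 May 7 10:19 /www
drwxrwxr-x 3 webowner apache 4096 May 7 10:03 /www/etc
drwxrwxr-x 4 webowner apache 4096 Jun 7 18:01 /www/etc/apache
drwxrwx--- 6 webowner apache 4096 Jun 7 18:01 /www/etc/apache/config
-rw-rw---- 1 webowner apache 123 Jun 7 18:01 /www/etc/apache/config/htpasswd
"""

def parse(listing):
    """Yield (path, mode_string, owner, group) for each ls -l style line."""
    for line in listing.splitlines():
        fields = line.split()
        if fields:
            yield fields[-1], fields[0], fields[2], fields[3]

def triad_for(mode, owner, group, user, groups):
    """POSIX selects exactly one triad: owner, else group, else other."""
    if user == owner:
        index = 0
    elif group in groups:
        index = 1
    else:
        index = 2
    return mode[1 + 3 * index: 4 + 3 * index]

def dac_check(listing, user, groups):
    """Return [(path, allowed)]: search (x) on directories, read (r) on the file."""
    results = []
    for path, mode, owner, group in parse(listing):
        triad = triad_for(mode, owner, group, user, groups)
        if mode[0] == "d":
            allowed = triad[2] in "xst"   # s/t imply the execute bit is set
        else:
            allowed = triad[0] == "r"
        results.append((path, allowed))
    return results

def first_denial(listing, user, groups):
    """Return the first path component the identity cannot pass, or None."""
    for path, allowed in dac_check(listing, user, groups):
        if not allowed:
            return path
    return None

if __name__ == "__main__":
    print(first_denial(LISTING, "apache", {"apache"}))   # identity from the message
    print(first_denial(LISTING, "apache", set()))        # same user, group not held
```

To compare against the identity a running worker actually holds, the `Groups:` line in `/proc/<pid>/status` lists its supplementary groups.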
