On Wed, 2021-09-15 at 13:07 -0700, vince wrote: > On Wednesday, September 15, 2021 at 12:54:07 PM UTC-7 > [email protected] wrote: > > There are Forbidden (403) errors attempting to access weewx data on > > a newly installed system. The error log reports: > > ... > > [Wed Sep 15 12:09:54.602687 2021] [core:error] [pid 22344:tid > > 22450] (13)Permission denied: [client 27.0.0.1:36102] AH00035: > > access to /weewx/index.html denied (filesystem path '/var/www/h > > tml/weewx/index.html') because search permissions are missing on a > > component of the path > > ... > > > > Weewx and Apache both appear to be running OK. I suspect the > > problem is that weewx is running as user root, while the httpd > > server (apache) is running as user apache. Thoughts? If so, > > what's the easiest way to configure weewx to run as apache (which > > would be a little more secure)? > > > I'd suggest google search for "AH00035: access denied because search > permissions are missing on a component of the path". (this page) has > some reasonably good comments as does (this one) > > If you're running selinux, that is more likely the thing you should > check first. Check your security log for how to set the context for > the web docroot weewx writes into. The first link has a chcon > example for how to make selinux happy.
The problem was selinux. I checked this by setting enforcement to Permissive which made the web page accessible. I then followed the magic in (this page) to make the selinux permissions for /var/www/html/weewx the same as those for /var/www/html; now everything works OK with enforcement set to Enforcing. I presume that if weewx creates new files under .../weewx/ then they will inherit correct permissions (or possibly weewx won't create any such files after its initialization). Also it doesn't look like there's any worry about security. -- Sincerely Jonathan Ryshpan <[email protected]> Do you ever feel thankful that you know me and have access to my dementia? Explain and be prepared to discuss in class. -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/62841d516a14489c07abe833235817a2618d6a40.camel%40pacbell.net.
