I'm having issue where an image from my index.htm file is not being able to displayed. The contents of index.htm file are as below:
[root#docker1:/etc/httpd/conf]:cat /var/www/html/index.htm
<!DOCTYPE html>
<html>
<head>
<title>httpd server</title>
</head>
<body>
<h1>
First H1 Tag
</h1>
<p> My First para</p>
<h1> Second H1 tag .</h1>
<p>My Second Para</p>
Google
<img src="http://192.168.1.6/lord_shiva_on_bull.jpg" alt="Shiva" width="200" height="200">
</body>
</html>
[root#docker1:/etc/httpd/conf]:
Some extract from configuration:
ServerRoot "/etc/httpd"
[root#docker1:/etc/httpd/conf]:ls -larth /var/www/html/lord_shiva_on_bull.jpg
-rwxrwxrwx. 1 jim jim 165K Aug 13 11:54 /var/www/html/lord_shiva_on_bull.jpg
[root#docker1:/etc/httpd/conf]:ls -larth /var/www/html/
total 172K
-rwxrwxrwx. 1 jim jim 165K Aug 13 11:54 lord_shiva_on_bull.jpg
drwxrwxrwx. 2 root root 6 Aug 13 12:21 src
drwxr-xr-x. 4 root root 31 Aug 13 13:04 ..
-rwxrwxrwx. 1 root root 323 Aug 13 13:08 index.htm
drwxr-xr-x. 3 root root 61 Aug 13 13:08 .
[root#docker1:/etc/httpd/conf]:ls -ld /var/www/html/
drwxr-xr-x. 3 root root 61 Aug 13 13:08 /var/www/html/
[root#docker1:/etc/httpd/conf]:id apache
uid=48(apache) gid=48(apache) groups=48(apache)
[root#docker1:/etc/httpd/conf]:grep "apache" httpd.conf
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
User apache
Group apache
# http://httpd.apache.org/docs/2.4/mod/core.html#options
[root#docker1:/etc/httpd/conf]:
I'm totally confused as to what is the issue? Would greatly appreciate input from learned Guru's
The dots at the end of the permissions such as
drwxr-xr-x.
indicates those paths are under the jurisdiction of SELinux.
If you have made sure Apache HTTPD process has search (for directories) and read for files permissions for all the path until reaching the image files and you still get Permission Denied, you must review your Operative System logs relating the denial of access by SELinux.
See if you have selinux policy enabled.If yes,then for testing try by disabling it and test the same.
You can use cmd : 'getenforce' to get the status of selinux in linux and use 'setenforce 0' to disable it.
Related
I have centos in VMware and hosted a web application.
This is the url I try to access my page. There is also another demo page "demo.php" that I create for test. its fine can access and prints contents: "its ok." but when I try to my app page which in same directory the browser says:
Forbidden
You don't have permission to access /WP/View/Home/localobjects.php on this server.
http://192.168.118.129/WP/View/Home/localobjects.php
How can I fix this?
Files Permissions in directory.
-rw-r--rwx. 1 root root 272 Apr 2 00:49 activedirectoryusers.php
-rw-r--rwx. 1 root root 236 Apr 17 01:22 configuration.php
-rw-r--rwx. 1 root root 324 Mar 30 00:59 dashboard.php
-rw-r--r--. 1 root root 107 Apr 15 08:28 deneme.php
drwxr-xrwx. 2 root root 4096 Apr 17 01:22 Ipageimplementations
-rw-r--rwx. 1 root root 257 Apr 17 00:52 localobjects.php
-rw-r--rwx. 1 root root 224 Mar 28 18:41 policy.php
-rw-r--rwx. 1 root root 257 Apr 13 01:58 timeintervals.php
Here is a cheatsheet…
Directories must have the permissions "drwxr-xr-x".
You set them with chmod 755 [directory name].
Files must have the permissions "-rw-r--r--".
You set them with chmod 644 *php for all the php files in a folder. If you have other files which must be seen on the web (.css, etc.) chmod them accordingly.
To get the "magic numbers" you have three digits:
the first one is for the owner
the second one is for the owner's group
the third is for the rest of the world
Numbers are the sum of:
4: readable
2: writeable
1: executable
In doubt, make a directory at a time: if you give wrong permissions (not executable, like files) to a folder you can't browse it.
I am currently creating an application that requires separate users running duplicate programs. They cannot run under root because of security reasons, so they are initiated by a Java app that I am working on, and I am starting them with runuser -l. However, I cannot cd into a directory, even though it is owned by the user, and the user has 770 permissions in the folder.
Here's what I'm running:
runuser -l lp1 -c 'java \-jar /root/Desktop/workspace/LitePanel/servers/server1/server.jar \-Xms1024M nogui'
And the output of this is:
runuser: warning: cannot change directory to /root/Desktop/workspace/LitePanel/bin/servers/server1/: Permission denied
Here's an ls -all:
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 .
drwxr-xr-x. 7 root root 4096 Jan 30 14:02 ..
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 server1
Inside the directory:
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 .
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 ..
-rwxrwx---. 1 lp1 lp1 9170551 Jan 31 03:07 server.jar
And here's /etc/passwd:
lp1:x:501:501::/root/Desktop/workspace/LitePanel/bin/servers/server1/:/bin/false
Anyone know why this is happening? It looks like the user has the necessary permissions to do this.
You have said that the directory itself has permissions 770 and is owned by the user, but what about its parents? I believe the cd command will need at least read access (and possibly execute) on the parent directories.
Story: I deleted a directory LogViewer from the document root that was browseable and working perfectly. Later I decided to add it back but now apache wont show it.
drwxr-xr-x. 12 user group 4096 Jun 19 15:16 272
drwxr-xr-x. 12 user group 4096 Jun 19 15:17 273
drwxr-xr-x. 3 user group 4096 Jun 20 08:06 LogViewer
The 272 and 273 directories are browsable and work.
Output of ls -lZ:
drwxr-xr-x. user group system_u:object_r:httpd_sys_content_t:s0 272
drwxr-xr-x. user group system_u:object_r:httpd_sys_content_t:s0 273
drwxr-xr-x. user group unconfined_u:object_r:user_home_t:s0 LogViewer
What I've Tried:
I have restarted apache multiple times. I've stopped it, and started it. I've refreshed the browser, I've cleared cookies and all temp files.
My Question: Wtf?
As per: SELinux doc
To make a folder viewable from a special user public HTML folder, it
needs to have a type that httpd has permissions to read, presuming the
Apache HTTP Server is configured for UserDir and the Boolean value
httpd_enable_homedirs is enabled.
Try this command:
chcon -R -t httpd_user_content_t LogViewer
I've been trying to get Apache to follow symlinks. I am getting an "Access forbidden!" message.
I understand this is likely a permissions issue.
So far I have tried:
Setting the source directory to chmod 777
Adding the xampp/apache user 'nobody' to the groups 'admin' and 'staff'
Both symlink and apache alias directives (both give me the forbidden message)
Source:
1228833 drwxr-xr-x 27 eric staff 918 Jun 1 09:55 .
332009 drwxr-xr-x+ 40 eric staff 1360 May 22 10:41 ..
1228879 -rw-r--r--# 1 eric staff 24580 Jun 1 09:55 .DS_Store
30604402 lrwxr-xr-x 1 eric staff 93 Jun 1 09:07 YellowFinTunaPages -> /Users/ericmiller/Dropbox/_iSirona/iSirona Product Development/Prototypes/YellowFinTunaPages/
Destination:
30602721 drwxr-xr-x 4 eric staff 136 Jun 1 09:10 .
1286885 drwxr-xr-x# 11 eric staff 374 Jun 1 09:04 ..
30606068 -rw-r--r--# 1 eric staff 6148 Jun 1 09:10 .DS_Store
30602745 drwxrwxrwx 10 eric staff 340 Jun 1 09:05 YellowFinTunaPages
Turns out access permissions for a folder depend on the folder above it. I didn't realize this. I had to chmod 755 the whole preceding directory tree. I wish there were a better solution--I don't actually want to allow broad access to that whole tree, just the subfolder.
Apache won't follow symlinks (403 Forbidden)
I am trying to setup my webserver so that one group will have access to the files. Apache and every user that needs to edit the files will be part of this group. So I've set all the files to have the group psacln. I've added psacln to my groups. But it still won't let me view the files:
[tom#166 httpdocs]$ whoami
tom
[tom#166 httpdocs]$ groups tom
tom : tom adm wheel apache psacln andy
[tom#166 httpdocs]$ ls -al
ls: .: Permission denied
[tom#166 httpdocs]$ sudo ls -al
total 92
d---rwx--- 14 andy psacln 4096 Jul 22 17:51 .
drwxrwxr-x 16 apache apache 4096 Jul 21 09:29 ..
d---rwx--- 4 andy psacln 4096 Jul 21 09:26 backend
d---rwx--- 3 andy psacln 4096 Jul 22 15:21 core
d---rwx--- 5 andy psacln 4096 Jul 21 09:26 css
...
One thing that may be useful to note, is that when you change a user's group membership, you will have to log out and back in again (i.e. group memberships will take effect when you log in and don't normally change otherwise).
You can either log in and out to let the group change take effect, or changing your "active" group with the newgrp command will also do this for you.