Permission denied for subdirectory in Apache - linux

I have apache running on port 80. I have also created an additional conf file in conf.d that would open up a second port 8010 with a different directory but I am unable to get to subdirectories now of the document root of 8010
Listen 8010
<VirtualHost ip:8010>
DocumentRoot /var/www/boom
ServerName localhost
ErrorLog logs/dm-error_log
CustomLog logs/dm-access_log common
<Directory /var/www/boom>
AuthName "Protected Area"
AuthType Basic
AuthUserFile /var/www/secure/passwords
Require valid-user
</Directory>
</VirtualHost>
If I try to go to ip:8010/banq I get the following error
Forbidden You don't have permission to access /banq/ on this server.
I tried chmod 777 on banq with no luck
I had this all working great for few years and then lost all backups, had to recreate from scratch. I was able to move conf file from 1 server to another without setting any any chown and minor chmod commands. Is it possible to open all subdirectories of /var/www/boom to anyone who authenticates properly?

Two things I have encountered that could cause a similar error would be:
Apache can't access the document root of where the banq/ directory is found. Have you checked permissions on /var/www/boom? Setting the group to apache or nobody, or making the directory world readable would be a good test.
If there is no directory index in banq/ Apache may prevent you from viewing a directory listing. Try adding either an index.html page to the directory for testing, or add "Options +Indexes" to the config file.

Related

Apache on Raspberry Pi - can't serve files from a different drive - causes 403 error

I got a Raspberry Pi yesterday and have mounted an additional hard drive on it. I'm planning to use it on a web server. However, I wish to host my files on the hard drive, not the small SD card where the OS is located.
I installed Apache and created a Virtual Host config file, specifying the DocumentRoot and the directory on the external HDD where the website is located. However, it gives a 403 error. The system log gives the following information:
Permission denied: [client 123.456.789.1250527] AH00035: access to / denied (filesystem path '/media/myusername/myHDD') because search permissions are missing on a component of the path
I've tried a number of different things: setting the DocumentRoot to /var/www/html but specifying the path to the HDD in the Directory tag, changing the DocumentRoot in the default site to the path to the HDD's directory that I want to serve, adding the line DocumentRoot "/media/myusername/myHDD" in the apache2.conf file. I changed the ownership of the /myHDD folder to the www-data user. I eventually deleted the /var/www/html folder and created a symlink to the HDD's directory with the name html, but that causeed this error:
AH00037: Symbolic link not allowed or link target not accessible: /var/www/html
What do I need to do to make Apache serve these websites that are on the HDD and not the system SD (only 16GB)? Here is my VirtualHost config:
<VirtualHost *:80>
ServerAdmin me#myemail.com
ServerName myurl.com
ServerAlias www.myurl.com
DocumentRoot "/var/www/html"
Alias "/webals" "/media/userName/MyHardDrive/public_html/myurl.com/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/media/userName/MyHardDrive/public_html/myurl.com">
Require all granted
Order allow,deny
Allow from all
</Directory>
I'm not sure what is going on here. Haven't really used Apache much in the past - have preferred nginx.
Any help here would be good.

Password protect directory in AWS EC2 running Apache/Linux

As the title says, I have an AWS EC2 instance with Apache. It's a Linux server. I want to password protect one directory. I was following this answer: https://stackoverflow.com/a/18178857/989722
htaccess:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /var/www/admin/.htpasswd
Require valid-user
Created a proper .htpasswd file, but wondering if there's another step.
However, it's not working (i.e., directory isn't protected). I restarted my server and that didn't help. Wondering if I need to change something in my config file.
If I look at the contents of the directory where I placed my .htaccess file, using terminal ls, the .htaccess file isn't visible. I uploaded it using SFTP and see it using my FTP application, but maybe it's not actually there. Same thing for my .htpasswd file.
Dumb mistake.
Needed to add this to my server config file:
<Directory /var/www/html/MYPROTECTEDDIRECTORY>
AllowOverride All
</Directory>
Couple of addition to above step.
config file to update directory for AllowOverride is available via vi editor
sudo vi /etc/httpd/conf/httpd.conf
After saving restart the apache server
sudo /etc/init.d/httpd restart

403 error after setting up vhosts

I am running a CentOS 6 server (on Digital Ocean) which has apache 2.2 installed.
I installed ProFTP and have set up a user called 'rator' with whom I can ftp in to the home directory at /home/rator/
I want this directory to be a working web development environment and have set up a further two sub dirs - dev and stage.
In the dev folder I have cloned my git repo and have ended up with the rather long path:
/home/rator/dev/rator/
I want to set up a vhost to this directory. I have set up my hosts file for rator.dev on my local machine, and have the following in the vhosts section of /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin me#email.com
DocumentRoot /home/rator/dev/rator
ServerName rator.dev
ErrorLog rator.dev-error_log
CustomLog logs/rator.dev-access_log common
<Directory /home/rator/dev/rator>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
When I try to view this in the browser - I get a 403 error. "You don't have permission to access / on this server."
If I chown apache:apache all of the dirs and files below /home/ then the site becomes visible however, I then cannot log in through ftp as the ftp home dir is then owned by apache and I'm logging in as 'rator'.
I have tried many variants on the Vhosts directory permissions but so far have not been able to solve the access problem.
Does anybody know what the correct vhosts should be here?
Ok, turned out to be pretty dumb....
sudo chmod o+rx /home/rator
Execute and read permissions were not set correctly on the home folder....

How to change DocumentRoot to a custom folder

I got my new VPS server with CentOS 5.8, I could not transfer my domain yet but I want to reach my site via http://my-server-ip and since I am using laravel framework I need to change default DocumentRoot httpdocs to httpdocs/public I have tried to put those lines to httpd.conf file:
<VirtualHost my-server-ip:80>
DocumentRoot /var/www/vhosts/my.domain.org/httpdocs/public
ServerName my.domain.org
</VirtualHost>
However after restarting apache it warns me like this:
Warning: DocumentRoot [/public] does not exist
What should I do?
You'll need to enable read (and possibly execute) privileges on the directory. As root try:
# Recursively set the owner of this folder to 'www'
chown -R www /var/www/vhosts/my.domain.org/httpdocs/public
# Recursively give the owner read and execute privileges
chmod -R u+rx /var/www/vhosts/my.domain.org/httpdocs/public
As an alternative on some setups the user might be called nobody. So if www doesn't work try:
chown -R nobody /var/www/vhosts/my.domain.org/httpdocs/public
EDIT:
As user tink pointed out in the comments
"...in Centos the user running apache is aptly called apache. In debian and it's derivatives, it's www-data."
might be that the apache user can't get into the new directory. try
chmod a+r /var/www/vhosts/my.domain.org/httpdocs/public
I had the same "403 page" problem. Just after I changed Document Root in my /etc/apache2/conf-available/sitename.conf from /var/www/html to /data/www.
To solve the problem I did the folowing:
1) Utilized chown and chmod examples, provided by Mike (2 posts above). Many thanks to him;
2) Added 2 lines to the end of /etc/apparmor.d/abstractions/web-data as follows:
/data/www/ r,
/data/www/** r,
and then run:
sudo service apparmor reload
3) I also needed to add the following bit of code to my apache.conf:
<Directory /data/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
May be some actions were superfluous, but It worked pretty nice for me (Apache v2.4.7, Ubuntu 14.04.1)

CentOS Subversion, Basic Auth Password file not working

So i have SVN installed and using HTTPD for a remote repository. All works well, until i use the password file. This is not working at all. Apache's error_log says
(13) Permission Denied: Could not open password file
I have set the passwd file's chmod to 777 and chown to apache, I also set the parent folder of the repo and passwd file to chown apache and chmod 777...
I have no clue how this is a permissions problem anymore... any help please!!
UPDATE
I took SVN out of it, and just implemented a standard basic auth on one of my domains
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/var/www/www.domain.com/public_www"
<Directory "/var/www/www.domain.com/public_www">
Options -Indexes
Order allow,deny
Allow from all
AllowOverride All
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile /path/to/authfile.htpasswd
Require valid-user
</Directory>
</VirtualHost>
I created the password file like this
htpasswd -cm /path/to/authfile.htpasswd username
password (and retype)
And finally
service httpd restart
Lo and behold, the auth prompt works as before, but the username and password DOES NOT! This is rather frustrating, i have double checked all the permissions, owners etc of the password file and parent folder, but i still get
(13) Permission Denied: Could not open password file
In the error_log for Apache
If you're on a Red Hat Enterprise Linux/Centos/Fedora system and you create your htpasswd file outside of /var/www/html directory, owned by apache, you'll also have problems with SELinux context/lables of the htpasswd file. You can check the current context/label of htpasswd with the -Z option passed into the ls command.
ls -Z
The htpasswd file should have a type of httpd_sys_content_t. you can change this with this command:
chcon -t httpd_sys_content_t htpasswd
More info on Relabeling Files for SELinux:
https://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
Maybe a bit of an obvious slap in my face:
I had previously been putting /path/to/authfile.htpasswd out side of apaches home folder /var/www, when I put the password file in /var/www/svn-auth/*.htpasswd than it worked.
Regardless of chown (apache owning /svn-auth and .htpasswd files within) it was probably being denied because it's likely that apache's (as a user) home folder is /var/www/* and was being denied access outside of it...
Lesson learned

Resources