I am trying to set up a owncloud server using httpd. In my /var/www/html I set the owner and group to apache:apache and permission of 644.
In my httpd.conf file I have the following.
DocumentRoot /var/www/html
<Directory "/var/www/html/owncloud">
Options Indexes FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>
I am able to read the php files in the document root, however, when I browse to /owncloud I am getting a 403 Forbidden error.
In my error log I am getting the following.
(13)Permission Denied: access to /owncloud denied
Am I missing any configuration?
You should usually set the user/group to www-data:www-data, see the Owncloud guide, unless you have a changed webserver configuration.
Adding my two cents. (Others have posted similar answers).
I just moved from Linux Fedora 14 to Fedora 20,
then downloaded/installed Apache (which is no longer on
the install DVD), and ran into this "403 You don't
have access" problem, until I found that SELunix
was the culprit. Depending on your flavour of
Linux, this might apply to some of you as well.
To find out whether SELinux is active, enter
"getenforce". If you get "Enabled" then look
in "/var/log/audit/audit.log".
You might see lines like
... denied { getattr } ... comm="httpd"
path="/var/www/html/index.html"
Then decide whether:
You DON'T want/need SELunix. Then edit
"/etc/selinux/config" and change the relevant
line to "SELINUX=disabled", then reboot.
You DO want/need SELunix. Then study SELunix
and change whatever settings. (I can't help
you with this, since I opted for 1 above.) :D
Related
I am facing a peculiar problem with apache2 running on debian 8. I followed a couple of tutorials to install it and everything worked great. The problem is that i have partitioned the disk as 9gb for the system files, 1gb swap and 30gb for the home folder so I wanted to move the www folder from it's current location (/var/www) to home(/home/www).
I found more than a few guides on how to do that, some saying that i should change the lines in apache2.conf from this:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
to this:
<Directory /home/paul/www/>
Options Indexes FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
As well as the documentRoot
Others suggested using the 000-default.conf file located in the /etc/apache2/sites-available folder and change the default folder from /var/www to /home/paul/www.
I did both and the folder was seen but not accessible, so i used the quick solution and use chroot 777. After that apache redirected me back to /var/www.
All settings point to /home/paul/www and the www folder has full read write permission. In fact neither the apache.conf nor 000-sites-available has any reference of /var/www so why does apache keep pointing me there? Is there something i missed?
p.s i did updates and upgrades multiple times as well as restarted the apache service and the entire pc.
you need to change the ownership of files to allow apache there
please try
chown -R www-data /home/paul/www/
however if you set a particion for your paul www why not mount the partition in /var/www
or you can create a symlink
ln -s /home/paul/www /var/www/paulsite
then edit your apache conf accordingly.
Regarding the edited file I recomend you use the 000-default better. in fact i would use that as a skeletone. and create a new file for your site then enable that site.
Ok so with a little research i realized that what i was trieing to do was not the best practice at all! (Thanx for the heads up Sudakatux).
I found the solution in askubuntu for anyone interested.
Instead of trieing to change the mechanics of apache i enabled the userdir module and set up public_html in my home folder with 755 permissions. I use a redirection script from the initial location to the various locations on my home directory. Works just fine!
I'm running the latest Apache Server on Linux Mint 14 and trying to take my first babysteps with vhosts, where I encountered a general problem with my setup:
every option I declare in the <Directory> section doesn't seem to have any effect on any subdirectories - but as far as I know and according to the documentation it should.
For example: I'm trying to give permissions for .htaccess file by
<Directory /var/www/>
AllowOverride All
</Directory>
a .htaccess in /var/www would work properly, but e.g. a .htaccess in /var/www/test with contents "Deny from all" would take no effect.
Are there any options I have to set that I don't know of? This isn't my first apache setup so I'm kind of confused right now, but I can't find a solution.
Thank you in advance!
Got it, apache2.conf includes external vhost settings, so the default settings in sites-available/default kept overwriting mine.
I'm desperately trying to get phpmyadmin access on xampp for linux 1.8.0 for ubuntu 12.04 LTS. I know this is a common problem, but I have tried many threads across the web, and I am still stuck getting it going.
Xampp seems to be running ok, localhost start page good, including link to phpmyadmin in the sidebar. When I follow that link I get a 403 error:
Access forbidden!
New XAMPP security concept:
Access to the requested directory is only available from the local
network.
This setting can be configured in the file "httpd-xampp.conf".
If you think this is a server error, please contact the webmaster.
Error 403
localhost Apache/2.4.2 (Unix) OpenSSL/1.0.1c PHP/5.4.4
I have tried numerous things, including amending httpd-xampp.conf, the relevant bits of which now look like: http://pastebin.com/J4f4tNVs
my /opt/lampp/phpmyadmin/config.inc.php looks like: http://pastebin.com/5PZPXK5s
Following other instructions I changed ownership of /lampp with:
chown -Rv nobody:root ./lampp/*
Please help me!
Thanks,
Matt
I've found a solution here: http://www.apachefriends.org/f/viewtopic.php?f=17&t=50902&p=196185#p196185
Edit /opt/lampp/etc/extra/httpd-xampp.conf and adding Require all granted line at bottom of block <Directory "/opt/lampp/phpmyadmin"> to have the following code:
<Directory "/opt/lampp/phpmyadmin">
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>
I am looking to change apaches default page for when there are no indexes and getting a 500 error. My server is Linux Red Hat with clients setup using Kloxo and /etc/httpd/conf.d/welcome.conf I am trying to change:
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
To
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.php
</LocationMatch>
Which after httpd restart it gives a 500 error. I assume it has to do with PHP permissions as the file is uploaded as root and the user is specific to an account.
The noindex.html file works fine and is set as root as well.
I know an alternative is to use a skeleton directory, but I don't want to go that route.
Does anyone have any ideas how I would accomplish this?
Thanks.
EDIT:
Error I get in suPHP:
UID of script "/var/www/error/noindex.php" is smaller than min_uid
If I change permissions to 777, I get the 500 error page, with only this message in logs:
File "/var/www/error/noindex.php" is writeable by others
EDIT 2:
Make the file 400 or 660 and user ID 501 (lxlabs), I now get the error:
Mismatch between target UID (1060) and UID (501) of file "/var/www/error/noindex.php"
I believe lxlabs is supposed to be a regular user, but might not have permissions to that directory. I am not sure how to target the /home/kloxo/httpd/error/noindex.php as the welcome.conf file seems to start in the /var/www directory.
EDIT 3:
This may help as well. I was able to set the suPHP details in the Virtualhost declarating. Like:
<Virtualhost 123.456.78.90:8888>
SSLEngine On
SSLCertificateFile /home/kloxo/httpd/ssl/eth0___localhost.crt
SSLCertificateKeyFile /home/kloxo/httpd/ssl/eth0___localhost.key
SSLCACertificatefile /home/kloxo/httpd/ssl/eth0___localhost.ca
DocumentRoot /home/kloxo/httpd/webmail/
<Ifmodule mod_suphp.c>
SuPhp_UserGroup lxlabs lxlabs
</Ifmodule>
</Virtualhost>
Perhaps I can do something similar in the welcome.conf file?
The solution is to change the owner and permissions of the script. The user must be a normal user. The permissions must be 660 (rw for user and group) or 400 (r for user only). Explanation follows.
You are using suPHP which is an Apache module that tries to secure PHP scripts by running them with restricted permissions. When a script is requested, suPHP switches to the owner of the script before executing it.
For obvious security reasons, suPHP forbids to run a script as root. So PHP scripts owned by root can't be reached through Apache. This is what the message UID of script is smaller than min_uid means. suPHP is indeed a bit more generic: it forbids all special users. Linux keeps the first user ids for the special users. Normal users have an ID above 500 or 1000 (depending on the distribution) while root usually has the ID 0.
suPHP, still for security reasons, refuses to run scripts that any user can modify. This is the meaning of the message File is writeable by others. This behavior can be switched of with the config parameter allow_file_others_writeable, but it doesn't make much sense to use a security-oriented module with an insecure configuration. After all, the main purpose of suPHP is to separate the applications that have different file owners.
After lots of testing and researching, it doesn't appear to be possible to have a global file like this. The best work around is to put a file in the skeleton directory for each user.
I get this problem when I visit my domain.com. I have compared this with my other website with the SAME set-up (just different username!!!) For some reason that website works and this one doesn't.
Forbidden
You don't have permission to access / on this server.
Apache/2.2.3 (Red Hat) Server at www.mydomain.com Port 80
In terms of permission issues, I have added user "apache" to the group "dver" and "svn" that own the folders that everything is located on.
$ ls -l
total 4
drwxr-xr-x 4 dver svn 4096 Oct 13 19:49 tv
This is my django.wsgi:
import os
import sys
sys.path.append('/home/dver/tv')
os.environ['PYTHON_EGG_CACHE'] = '/home/dver'
os.environ['DJANGO_SETTINGS_MODULE'] = 'mtv.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
This is in my httpd.conf:
WSGIScriptAlias / /home/dver/tv/mtv/wsgi/django.wsgi
DocumentRoot "/home/dver/tv/mtv/"
Alias /media/ /home/dver/tv/mtv/media/
<Directory /home/dver/tv/mtv/media>
Order deny,allow
Allow from all
</Directory>
<Directory /home/dver/tv/mtv>
Order deny,allow
Allow from all
</Directory>
If anyone can help me I'll really appreciate it.
Thanks!
As the code will run as the Apache user, all directories from the root of the file system down to '/home/dver/tv/mtv/wsgi' must be readable/executable to others, or at least somehow the Apache user, not just your Django site directory.
Thus, if '/home/dver' has permissions 'rwxr-x---' then it will not work. This is the most common problem where people go and stick the WSGI script file under their own home account. Manipulating groups may work, but you don't indicate if that group ownership also applies to '/home/dver'.
Although it will not matter as refers to a parent directory, but more secure to have:
<Directory /home/dver/tv/mtv/wsgi>
Order deny,allow
Allow from all
</Directory>
That is, use '/home/dver/tv/mtv/wsgi' rather than '/home/dver/tv/mtv'.
One other possibility is that you have SELinux extensions enabled for operating systems. You should configure SELinux correctly if it is, or possibly disable it just to see if it then works.
There are three potential problems that I notice.
The first depends on the OS you're running — are you sure the user you should add to the groups is called apache and not www-data?
The second is that you have your wsgi script under the directory wsgi but you have no httpd.conf Directory definition for it. I would add that and try again.
The third is that your /home/dver egg directory might have the wrong permissions.