Apache and public_html

I'm having trouble with my public_html directory. I have no trouble seeing http://localhost/, but when I want to access my private pages (http://localhost/~username/) I get an error "http 403 forbidden". What can be wrong? The manual talks about an access file called ".htaccess" but I can't find it. Can anyone find the error in my httpd.conf? If you know the answer, you don't have to read the whole file:

# ---------------------- Server Configuration ----------------------------

# ServerType is either inetd, or standalone.

ServerType standalone

# If you are running from inetd, go to "ServerAdmin".

# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.

Port 80

# Number of servers to start --- should be a reasonable ballpark figure.

StartServers 10

# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).

# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  These values are probably OK for most sites ---

MinSpareServers 8
MaxSpareServers 20

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request

KeepAliveTimeout 15

# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...

MaxClients 150

# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak.  On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.

MaxRequestsPerChild 500

# PidFile: The file the server should log its pid to
PidFile /etc/httpd/httpd.pid

# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.

# CacheNegotiatedDocs

# Timeout: The number of seconds before receives and sends time out

Timeout 300

# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this.  But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /etc/httpd/httpd.scoreboard

# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE!  If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.

ServerRoot /etc/httpd

# HostnameLookups: Log the names of clients or just their IP numbers
# e.g.   www.apache.org (on) or (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.

HostnameLookups off

# ---------------- Dynamic Shared Object (DSO) Support ---------------------

# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.

# Example:
# LoadModule foo_module libexec/mod_foo.so

# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.

# LoadModule mmap_static_module modules/mod_mmap_static.so
# LoadModule vhost_alias_module      modules/mod_vhost_alias.so
LoadModule env_module         modules/mod_env.so
LoadModule config_log_module  modules/mod_log_config.so
LoadModule agent_log_module   modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
# LoadModule mime_magic_module  modules/mod_mime_magic.so
LoadModule mime_module        modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module      modules/mod_status.so
LoadModule info_module        modules/mod_info.so
LoadModule includes_module    modules/mod_include.so
LoadModule autoindex_module   modules/mod_autoindex.so
LoadModule dir_module         modules/mod_dir.so
LoadModule cgi_module         modules/mod_cgi.so
LoadModule asis_module        modules/mod_asis.so
LoadModule imap_module        modules/mod_imap.so
LoadModule action_module      modules/mod_actions.so
# LoadModule speling_module     modules/mod_speling.so
LoadModule userdir_module     modules/mod_userdir.so
LoadModule proxy_module       modules/libproxy.so
LoadModule alias_module       modules/mod_alias.so
LoadModule rewrite_module     modules/mod_rewrite.so
LoadModule access_module      modules/mod_access.so
LoadModule auth_module        modules/mod_auth.so
LoadModule anon_auth_module   modules/mod_auth_anon.so
# LoadModule dbm_auth_module    modules/mod_auth_dbm.so
# LoadModule db_auth_module     modules/mod_auth_db.so
LoadModule digest_module      modules/mod_digest.so
# LoadModule cern_meta_module   modules/mod_cern_meta.so
LoadModule expires_module     modules/mod_expires.so
LoadModule headers_module     modules/mod_headers.so
LoadModule usertrack_module   modules/mod_usertrack.so
# LoadModule example_module     modules/mod_example.so
# LoadModule unique_id_module   modules/mod_unique_id.so
LoadModule setenvif_module    modules/mod_setenvif.so

# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# AddModule mod_mmap_static.c
# AddModule mod_vhost_alias
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
# AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
# AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
# AddModule mod_auth_dbm.c
# AddModule mod_auth_db.c
AddModule mod_digest.c
# AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
# AddModule mod_example.c
# AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin root@localhost

# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).

# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.

ServerName linux.dom

# ----------------- Name Space and Server Settings ---------------------
# In this section, you define the name space that users see of your http
# server.  This file also defines server settings which affect how requests are
# serviced, and how results should be formatted.
# This used to be a separate file. Now part of httpd.conf
# (srm.conf -- Apache HTTP server configuration file)

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.

DocumentRoot /home/httpd/html

# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.

ErrorLog logs/error_log
ScriptAlias /protected-cgi-bin/ /home/httpd/protected-cgi-bin/

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.

# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group nobody on these systems!

User www
Group www
Options ExecCgi Includes Indexes
<Location /server-status>
SetHandler server-status

order deny,allow
deny from all
allow from localhost,
</Location>

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin root@localhost

# #
# # httpd.conf -- Apache HTTP server configuration file
# #
# This is the main server configuration file. See URL http://www.apache.org/
# for instructions.
# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.
# Originally by Rob McCool
# ---------------------- Use *ONLY* httpd.conf ---------------------------

# With all new apache versions, use of access.conf and srm.conf are
# deprecated. We only use httpd.conf.

# These 2 directives are needed by some modules, for example FrontPage

ResourceConfig /dev/null
AccessConfig /dev/null

# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.

UserDir public_html

# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.

DirectoryIndex index.html index.htm index.shtml index.cgi  Default.htm default.htm

# FancyIndexing is whether you want fancy directory indexing or standard

FancyIndexing on

# AddIcon tells the server which icon to show for different files or filename
# extensions

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.

DefaultIcon /icons/unknown.gif

# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename

# ReadmeName is the name of the README file the server will look for by
# default. Format: ReadmeName name

# The server will first look for name.html, include it if found, and it will
# then look for name and include it as plaintext if found.

# HeaderName is the name of a file which should be prepended to
# directory indexes.

ReadmeName README
HeaderName HEADER

# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...

IndexIgnore .??* * *# HEADER* README* RCS

# AccessFileName: The name of the file to look for in each directory
# for access control information.

AccessFileName .htaccess

# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.

TypesConfig /etc/httpd/conf/apache-mime.types

# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.

DefaultType text/plain

# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.

AddEncoding x-compress Z
AddEncoding x-gzip gz

# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.  Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.

LanguagePriority en fr de

# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect fakename url

# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname

# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL.  So "/icons" isn't aliased in this
# example.

Alias /icons/ /home/httpd/icons/

# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.

# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1

# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
AddType application/x-httpd-php3 .php3 .phtml .php
AddType application/x-httpd-php3-source .phps
# The following is for PHP/FI (PHP2):
# AddType application/x-httpd-php .phtml

# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1

# To use CGI scripts:
AddHandler cgi-script .cgi

# To use server-parsed HTML files
AddType text/html .shtml
AddHandler server-parsed .shtml

# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
# AddHandler send-as-is asis

# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map

# To enable type maps, you might want to use
# AddHandler type-map var

# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location

# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document

# MetaDir .web

# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.

# MetaSuffix .meta

# Customizable error response (Apache style)
# these come in three flavors

# 1) plain text
# ErrorDocument 500 "The server made a boo boo.
# n.b.  the (") marks it as text, it does not get output

# 2) local redirects
# ErrorDocument 404 /missing.html
# to redirect to local url /missing.html
# ErrorDocument 404 /cgi-bin/missing_handler.pl
# n.b. can redirect to a script or a document using server-side-includes.

# 3) external redirects
# ErrorDocument 402 http://some.other_server.com/subscription_info.html

# mod_mime_magic allows the server to use various hints from the file itself
# to determine its type.
# MimeMagicFile /etc/httpd/conf/magic

# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.

BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

# Allow access to local system documentation from localhost
Alias /doc /usr/doc

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin root@localhost

# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.

# BindAddress *

Listen 80

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.

LogLevel warn

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.

# CustomLog logs/access_log common

# If you would like to have an agent and referer logfile uncomment the
# following directives.

# CustomLog logs/referer_log referer
# CustomLog logs/agent_log agent

# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.

CustomLog logs/access_log combined

# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.

LockFile /etc/httpd/httpd.lock

# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name.  With this setting off, Apache will
# use the hostname:port that the client supplied, when possible.  This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName on

# Proxy Server directives. Uncomment the following line to
# enable the proxy server:

 ProxyRequests On

# To enable the cache as well, edit and uncomment the following lines:

 CacheRoot /var/cache/httpd
 CacheSize 10
 CacheGcInterval 4
 CacheMaxExpire 24
 CacheLastModifiedFactor 0.1
 CacheDefaultExpire 1
# NoCache a_domain.com another_domain.edu joes.garage_sale.com

# ###################################
# Add-on Modules and Virtual Hosts #
# ###################################

# Each time we install an add-on module , the post-install script of the RPM
# adds an "Include" line to read the configuration for that module. When we
# remove the module, we keep the Include line, but we zero out the config
# file so Apache doesn't complain.

# We also put virtual hosts "Includes" in this section. This will be used by
# administration scripts. Instead of parsing all httpd.conf to modify a
# vhost, we just include the config file. Every vhost has its own config
# file.

Include conf/vhosts/vhost0.conf

Include conf/addon-modules/midgardphp3.conf

<Directory />
      Options Includes Indexes FollowSymlinks
      AllowOverride AuthConfig FileInfo Indexes Limit Options
</Directory>

<Directory /home/*/public_html>

# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".

# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.

      Options ExecCgi Includes Indexes FollowSymlinks

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

      AllowOverride AuthConfig FileInfo Indexes Limit Options

# Controls who can get stuff from this server.

order allow,deny
allow from all
</Directory>

<Directory /home/httpd/cgi-bin>
      Options ExecCgi
      AllowOverride AuthConfig FileInfo Indexes Limit Options
</Directory>

<Directory /home/httpd/protected-cgi-bin>
      Options ExecCgi
      AllowOverride AuthConfig FileInfo Indexes Limit Options
# allow from .your_domain.com
order deny,allow
deny from all
allow from localhost
</Directory>

<Directory /usr/doc>
# allow from .your_domain.com
      Options Indexes FollowSymlinks
      AllowOverride AuthConfig FileInfo Indexes Limit Options
order deny,allow
deny from all
allow from localhost,
</Directory>

/home/jyu_88 has to have the following permissions:  drwx---r-x

Issue the command as the root user:  chmod o+rx /home/jyu_88

You also need to make sure all of the files in /home/jyu_88/public_html are world-readable as well.  The command "chmod -R o+r /home/jyu_88/public_html/*" should take care of that.
You need 'other' users to be able to go down your home dir, then public_html, then anything under it:
find $HOME/public_html -type d -exec chmod o+x {} \;
chmod o+x $HOME

Then, for whatever file you need to access from the web, you need to grant permission to allow others to see it as well:
find $HOME/public_html -type f -exec chmod o+r {} \;

Unix permissions are segmented into 3 groups: owner, owner's group members, others. Browser access belongs to others in most cases. Each permission group has either Read, Write, eXecute or none.
jblandro (Author) Commented:
I'm not sure I understood all you wrote. I have the following configuration (example): /home/jyu_88/public_html. When my users are being created, they are created as smb (I also use my Linux box as a Samba server). The directories have the following permissions:
/home drwxr-xr-x
/home/jyu_88 drwx------
/home/jyu_88/public_html drwxr-xr-x

Is "find $HOME/public_html -type d -exec chmod o+x {} \;
chmod o+x $HOME " a command I should run?
Sorry, I'm rather new to this - but I'm learning :)

jblandro (Author) Commented:
If I use "find $HOME/public_html -type d -exec chmod o+x {} \;
chmod o+x $HOME" I get the error: "missing argument to `-exec´"
If I drop the "find" I get the error: "/home/jyu_88/public_html is a directory"
jblandro (Author) Commented:
Great - Thanks. Now it works. But one last question (I have already accepted your answer) I have to do this on every account??

Thank you for your help!

Forget about doing the find command.  The /home/jyu_88/public_html directory (in your example above) already has the correct permissions.  If you issue the commands below as root, the permissions should be set correctly and people should be able to see your user's web page.

chmod o+x $HOME
chmod -R o+r /home/jyu_88/public_html/*
The two find statements I put up are to set the x bit for other users on all directories under $HOME/public_html and the r bit on all files under it.
The ending '\;' is important; you will get the error you got without it.

The r bit on a directory is not necessary and should be removed, otherwise a malicious client can list your directory contents and expose files you don't mean to show to everybody.

To change permission for everybody's public_html:
#! /bin/sh

# Set directories to 701 and files to 604 under each listed user's public_html.
for i in user1 user2 user3 user4
do
    find /home/$i/public_html -type d -exec chmod 701 {} \;
    find /home/$i/public_html -type f -exec chmod 604 {} \;
done
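
An added example, not part of the thread: a POSIX sh audit of the "other" permission bits the answers above discuss, with a repair step that uses symbolic modes instead of 701/604 so owner and group bits (and execute bits on CGI scripts) are left alone. The function names `audit_userdir` and `fix_userdir` and the finding labels are invented for this example.

```shell
#!/bin/sh
# Added example: audit and repair the "other" permission bits that decide
# whether Apache (User www in the posted httpd.conf) can serve ~user pages.
# Function names and finding labels are invented for this example.

# audit_userdir HOME_DIR
# Prints one finding per line; prints nothing when the tree is servable
# and no more open than serving requires.
audit_userdir() {
    au_home=$1
    au_web=$au_home/public_html
    if [ ! -d "$au_web" ]; then
        printf 'MISSING %s\n' "$au_web"
        return 0
    fi
    # Without o+x on the home directory every ~user request is a 403.
    find "$au_home" -prune ! -perm -001 -exec printf 'NO_TRAVERSE %s\n' {} \;
    find "$au_web" -type d ! -perm -001 -exec printf 'NO_TRAVERSE %s\n' {} \;
    # Files must be readable by "other" to be served.
    find "$au_web" -type f ! -perm -004 -exec printf 'NOT_READABLE %s\n' {} \;
    # o+r on a directory lets other local accounts, and Apache's autoindex
    # (Options Indexes is on in the posted config), list its contents.
    find "$au_web" -type d -perm -004 -exec printf 'LISTABLE %s\n' {} \;
    # o+w is never needed for serving pages.
    find "$au_home" -prune -perm -002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
    find "$au_web" \( -type d -o -type f \) -perm -002 \
        -exec printf 'WORLD_WRITABLE %s\n' {} \;
}

# fix_userdir HOME_DIR
# Grants only what serving needs: traverse on directories, read on files.
fix_userdir() {
    fu_home=$1
    chmod o+x,o-w "$fu_home"
    find "$fu_home/public_html" -type d -exec chmod o+x,o-rw {} \;
    find "$fu_home/public_html" -type f -exec chmod o+r,o-w {} \;
}

# Usage: sh thisfile /home/user1 /home/user2 ...   (audit only, changes nothing)
if [ "$#" -gt 0 ]; then
    for h in "$@"; do audit_userdir "$h"; done
fi
```

Run against the layout jblandro posted (home at drwx------, public_html at drwxr-xr-x), the audit reports NO_TRAVERSE for the home directory and LISTABLE for public_html.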