?
Solved

Unable to access User pages

Posted on 2006-03-29
13
Medium Priority
?
244 Views
Last Modified: 2010-03-04
Hello Experts,

I am facing problem accessing user pages using Apache on Redhat 9. As per guidelines I have enabled UserDir in Apache config. I have given proper file permissions 711 to User directory and 755 to public_html.

Whenever I am trying to access user pages using http://myhost/~user I am getting error "forbidden you don't have permission access....". Apache error log shows error "[Thu Mar 30 03:16:02 2006] [error] [client *.*.132.191] (13)Permission denied: access to /~mukund/index.html denied" whereas without specifying the user am able to view apache test page.

I am really confused and not able to locate the problem. What is gone wrong and how to resolve this problem ?

Following is the http conf...
<IfModule mod_userdir.c>
    #UserDir disable
    UserDir public_html
</IfModule>
<Directory /home/*/public_html>
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride None
    Options FollowSymLinks
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
0
Comment
Question by:mukund1973
  • 6
  • 4
  • 3
13 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 16328086
> What is gone wrong and how to resolve this problem ?

filesystem permissions. So your files are readable to the apache user and all dirs above (e.g. /home/) have the x-bit set so that they are sarchable?
May be a selinux problem/policy setting?
0
 

Author Comment

by:mukund1973
ID: 16329774
my user directory file permissions are 711 and public_html files permissions are 755. I have tried same settings on different linux box and its working properly there. both the linux box having same installation and setup.
0
 

Author Comment

by:mukund1973
ID: 16329797
following are the file permissions for my user directory
drwx--x--x  3 mukund     mukund 4096 Mar 30 04:59 mukund

and public_html
drwxr-xr-x  2 mukund mukund 4096 Mar 30 02:44 public_html

any clue ?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Expert Comment

by:gileze33
ID: 16330026
Hi mukund1973.

I will show you what I have setup working on my server at home:

Basically, change the lines:

#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride None
    Options FollowSymLinks

To be:

MultiViews
Options All
AllowOverride None

Hope this helps!

Giles Williams,
CEO, QLE Internet Services.
http://www.qlehosting.com/
http://www.qledesign.com/
http://www.qleis.com/
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 16332936
I was talking about the dirs up to your user dir "/home/mukund/", so /home/ must be searchable for the user defined in the configuration (User directive), too.

Try to set the directory permissions for the directories /home/    /home/mukund/    /home/mukund/public_html/ to 701 (rwx-----x, that should be enough)
and all files to 704 (rwx---r--)

Try also to restart the httpd process.

Have you selinux enabled?
0
 

Author Comment

by:mukund1973
ID: 16355023
Sorry experts...I wasnt online due to illness. So wasnt able to reply on time.

Hi gileze33 ....i tried to change the config as per your suggessions but in vain....didnt work.

caterham..selinux is enabled at my linux box. also my file permissions are as per your suggession. but that didnt solved my problem yet!

I have already mentioned settings I am having in apache conf and file permissions..with same setup on other linux machine its working fine...

Is there anything wrong or missing ?
I have enabled iptables but I think that might not be a problem as I tried to access userpages by disabling the iptables but that too didnt worked.
0
 
LVL 3

Expert Comment

by:gileze33
ID: 16355030
Hi There.

Just out of interest, are you sure you are editing the write conf file?

What is its filename?

And, also, check to see that there are not duplicate files on the server.

Giles Williams.
0
 

Author Comment

by:mukund1973
ID: 16355107
am bit sure that am editing right conf file. location of the httpd.con is /etc/httpd/conf. my server is using this file only.
0
 
LVL 3

Expert Comment

by:gileze33
ID: 16355124
Hi There.

If possible, could you post entire contents of conf file for analysis?

Thanks.
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 16355271
> selinux is enabled

Did you check /var/log/messages (or similar)? There should be a kernel audit error.

try

chcon -R -h -t httpd_sys_content_t $HOME/public_html
0
 

Author Comment

by:mukund1973
ID: 16364514
hi caterham

it worked!  Thanks a ton for your expert help! and I appreciate all the expert who replied to this possibly silly question!

I checked /var/log/messages and found kernel audit error. Although I really not understood what is it! I tried chcon and it worked! my userpages are now accessible.

by the way before closing this question could you please explain me whats the kernel audit error and chcon command all about?
or guide me where can i get proper knowledge about it ? I do not have much expertise on linux yet!

0
 
LVL 27

Accepted Solution

by:
caterham_www earned 1320 total points
ID: 16366777
This is caused by SELinux. The SELinix label settings forbid access to that dir. SELinux is a kernal enhancement, so the filesystemoperation fails, because th kernal says "no".

chcon = change security context. It changes the SELinux label

httpd_sys_content_t is a label from SELinux for .html / static files. (httpd_sys_script_exec_t would permit CGI execution).

-R = recursive. So if there are other subfolders with different label settings in place, they're changed, too.

-h = symbolic links are modifyed, too.

-t is the qualifier to modify the the label of the directory (here to to httpd_sys_content_t).
0
 

Author Comment

by:mukund1973
ID: 16375931
Thanks caterham_www.

Aprciated your expert advice. Nice to meet you and other expert advisers here!
Thankx to Expert Exchange too.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses
Course of the Month8 days, 7 hours left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question