Unable to access User pages

Hello Experts,

I am facing problem accessing user pages using Apache on Redhat 9. As per guidelines I have enabled UserDir in Apache config. I have given proper file permissions 711 to User directory and 755 to public_html.

Whenever I am trying to access user pages using http://myhost/~user I am getting error "forbidden you don't have permission access....". Apache error log shows error "[Thu Mar 30 03:16:02 2006] [error] [client *.*.132.191] (13)Permission denied: access to /~mukund/index.html denied" whereas without specifying the user am able to view apache test page.

I am really confused and not able to locate the problem. What is gone wrong and how to resolve this problem ?

Following is the http conf...
<IfModule mod_userdir.c>
    #UserDir disable
    UserDir public_html
</IfModule>
<Directory /home/*/public_html>
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride None
    Options FollowSymLinks
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
mukund1973Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

caterham_wwwCommented:
> What is gone wrong and how to resolve this problem ?

filesystem permissions. So your files are readable to the apache user and all dirs above (e.g. /home/) have the x-bit set so that they are sarchable?
May be a selinux problem/policy setting?
0
mukund1973Author Commented:
my user directory file permissions are 711 and public_html files permissions are 755. I have tried same settings on different linux box and its working properly there. both the linux box having same installation and setup.
0
mukund1973Author Commented:
following are the file permissions for my user directory
drwx--x--x  3 mukund     mukund 4096 Mar 30 04:59 mukund

and public_html
drwxr-xr-x  2 mukund mukund 4096 Mar 30 02:44 public_html

any clue ?
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

gileze33Commented:
Hi mukund1973.

I will show you what I have setup working on my server at home:

Basically, change the lines:

#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride None
    Options FollowSymLinks

To be:

MultiViews
Options All
AllowOverride None

Hope this helps!

Giles Williams,
CEO, QLE Internet Services.
http://www.qlehosting.com/
http://www.qledesign.com/
http://www.qleis.com/
0
caterham_wwwCommented:
I was talking about the dirs up to your user dir "/home/mukund/", so /home/ must be searchable for the user defined in the configuration (User directive), too.

Try to set the directory permissions for the directories /home/    /home/mukund/    /home/mukund/public_html/ to 701 (rwx-----x, that should be enough)
and all files to 704 (rwx---r--)

Try also to restart the httpd process.

Have you selinux enabled?
0
mukund1973Author Commented:
Sorry experts...I wasnt online due to illness. So wasnt able to reply on time.

Hi gileze33 ....i tried to change the config as per your suggessions but in vain....didnt work.

caterham..selinux is enabled at my linux box. also my file permissions are as per your suggession. but that didnt solved my problem yet!

I have already mentioned settings I am having in apache conf and file permissions..with same setup on other linux machine its working fine...

Is there anything wrong or missing ?
I have enabled iptables but I think that might not be a problem as I tried to access userpages by disabling the iptables but that too didnt worked.
0
gileze33Commented:
Hi There.

Just out of interest, are you sure you are editing the write conf file?

What is its filename?

And, also, check to see that there are not duplicate files on the server.

Giles Williams.
0
mukund1973Author Commented:
am bit sure that am editing right conf file. location of the httpd.con is /etc/httpd/conf. my server is using this file only.
0
gileze33Commented:
Hi There.

If possible, could you post entire contents of conf file for analysis?

Thanks.
0
caterham_wwwCommented:
> selinux is enabled

Did you check /var/log/messages (or similar)? There should be a kernel audit error.

try

chcon -R -h -t httpd_sys_content_t $HOME/public_html
0
mukund1973Author Commented:
hi caterham

it worked!  Thanks a ton for your expert help! and I appreciate all the expert who replied to this possibly silly question!

I checked /var/log/messages and found kernel audit error. Although I really not understood what is it! I tried chcon and it worked! my userpages are now accessible.

by the way before closing this question could you please explain me whats the kernel audit error and chcon command all about?
or guide me where can i get proper knowledge about it ? I do not have much expertise on linux yet!

0
caterham_wwwCommented:
This is caused by SELinux. The SELinix label settings forbid access to that dir. SELinux is a kernal enhancement, so the filesystemoperation fails, because th kernal says "no".

chcon = change security context. It changes the SELinux label

httpd_sys_content_t is a label from SELinux for .html / static files. (httpd_sys_script_exec_t would permit CGI execution).

-R = recursive. So if there are other subfolders with different label settings in place, they're changed, too.

-h = symbolic links are modifyed, too.

-t is the qualifier to modify the the label of the directory (here to to httpd_sys_content_t).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mukund1973Author Commented:
Thanks caterham_www.

Aprciated your expert advice. Nice to meet you and other expert advisers here!
Thankx to Expert Exchange too.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.