On Thursday 16 September 2004 17:07, Danny Sauer wrote:
steve-ss wrote regarding 'Re: [SLE] 403 forbidden access with apache2' on Thu, Sep 16 at 10:02:
On Thursday 16 September 2004 16:52, Danny Sauer wrote:
steve-ss wrote regarding '[SLE] 403 forbidden access with
apache2' on Thu, Sep 16 at 09:47:
Hi. We have a 200 user LAN under NIS and NFS with apache2 under 9.1 with all the YOU updates. The apache2 is untouched from when installed.
Some users can access their files in their public_home directory via the server and others can't getting a 403 message from Apache2. The permissions on the respective directories are identical.
Can anyone give me a starting point to tackle this one? Why can some gain access and some can't?
Are the permissions on the files and, probably more importantly, the parent directories identical? The web server needs to be able to get into the home dir ("other" execute bit needs set, but not read) in order to get to the public_html (or public_home, whatever).
--Danny
Hi. Yes they are. I've checked them a loads of times. What is the "'other' execute bit needs set but not read"? Surely they must be readable both the files and the directories no?
For a directory, the "read" bit allows directory listing, while the "execute" bit allows directory access. So, I usually make user home directories mode 751 or 711, depending on the user. That way, public_html still works, since it can be accessed via /home/user/public_html/, but people can't just list another user's home dir with "ls /home/user".
If homedirs are mode 750 or 700, then apache won't be able to get to public_html even if public_html is 755. The execute bit needs set, but the read bit doesn't need set. I didn't write that terribly clearly the first time. :)
--Danny
All my home directories (and the public_html below them) are : drwxr-xr-x That should let apache in no? What groups must the user belong to, if any? Thanks, Steve.