fedora 4 + apache + forbidden
Raul
raul at c3-po.info
Sun Dec 25 09:29:26 UTC 2005
Tim wrote:
>On Fri, 2005-12-23 at 10:55 +0000, Raul wrote:
>
>
>>lrwxrwxrwx 1 root root 13 Dec 22 01:10 ldap -> phpldapadmin/
>>-rw-r--r-- 1 root root 22 Dec 17 21:25 php_info.php
>>drwxrwxr-x 7 apache apache 4096 Dec 21 23:55 phpldapadmin
>>lrwxrwxrwx 1 root root 20 Dec 17 23:56 phpmyadmin -> phpMyAdmin-2.7.0-pl1
>>drwxr-xr-x 7 apache apache 4096 Dec 22 00:13 phpMyAdmin-2.7.0-pl1
>>drwxr-xr-x 8 apache apache 4096 Dec 17 21:46 scarecrow
>>drwxr-xr-x 2 root root 4096 Dec 22 01:10 test
>>
>>
>
>A tip about something else:
>
>It's not usually a good idea to put files into the webspace as owned by
>apache. You're giving the server write access to those files, that way,
>and that may be remotely exploitable.
>
>Usually, they're owned by someone else, and given world readable, and
>world-executable (where needed) permissions, for the server to allow the
>WWW to see them.
>
>
>
>>As I said, I'm having all the defaults on apache (users etc.); however, I'm
>>not able to access the folder phpldapadmin by http://azul/phpldapadmin,
>>but I do access it via http://azul/ldap, which is a soft link to
>>phpldapadmin. The error message I'm getting is a simple forbidden. Since
>>I can access it through the link it is not a real problem, but I don't
>>know why I cannot make it through the original.
>>
>>Things I changed on the conf file are
>>
>> AllowOverride All
>>
>> UserDir public_html
>>
>>everything else is the defaults.
>>
>>P.S. I'm getting the same error when doing http://azul/~user/
>>
>>
>
>I can't think of the reason for your phpldapadmin access problem off the
>top of my head, but SELinux could be one (particularly with the ~user
>one). And in the case of the user homespace one, you need to make their
>public_html world readable and executable, and *all* the parent
>directories (right down to /home) world executable, as well as
>appropriate SELinux contexts and rules (if you're using SELinux).
>
>
>
Tim,
Thanks for your answer, you are right on the 'tip' of ownership. I also
thought it could be related to SELinux, as this was the case with Samba,
but I'm not too familiar with SELinux; however, it all seems to me to
be the same, at least at first glance. If I do an ls -Z -d on the html
folder I get:
[root@azul html]# ls -Z -d *
drwxr-sr-t sanchez sanchez root:object_r:httpd_sys_content_t adds
lrwxrwxrwx root root root:object_r:httpd_sys_content_t ldap -> phpldapadmin/
-rw-r--r-- sanchez sanchez root:object_r:httpd_sys_content_t php_info.php
drwxrwxrwx sanchez sanchez root:object_r:httpd_sys_content_t phpldapadmin
lrwxrwxrwx root root root:object_r:httpd_sys_content_t phpmyadmin -> phpMyAdmin-2.7.0-pl1
drwxr-xr-x sanchez sanchez root:object_r:httpd_sys_content_t phpMyAdmin-2.7.0-pl1
drwxr-xr-x sanchez sanchez root:object_r:httpd_sys_content_t scarecrow
drwxr-xr-x sanchez sanchez root:object_r:httpd_sys_content_t test
Or in the ~ folder
ls -Z -d ~sanchez/public_html/
drwxrwsrwt sanchez sanchez root:object_r:httpd_sys_content_t /home/sanchez/public_html/
Well, I guess I'm gonna have to read much more about SELinux, thanks again.
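
Tim's checklist for a forbidden web path (world-readable target, world-searchable parent directories, content neither world-writable nor owned by the server account), written out as an added shell example that is not part of the original thread. The function name and finding labels are made up for illustration; it relies on GNU stat and does not inspect SELinux contexts.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the mode bits discussed above.
# Usage: audit_web_path TARGET [SERVER_USER] [TOP]
#   SERVER_USER defaults to "apache", the account seen in the first listing.
#   TOP is the directory where the upward walk stops (default: /).
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_web_path() {
    target=$1 server_user=${2:-apache} top=${3:-/}
    findings=0

    # -L follows symlinks such as "ldap -> phpldapadmin/".
    info=$(stat -L -c '%A %U' -- "$target") || return 2
    mode=${info%% *} owner=${info#* }

    # Content is meant to be world-readable so the server reads it as "other".
    case $mode in ???????r*) ;; *)
        echo "NO_READ $target ($mode)"; findings=$((findings + 1)) ;;
    esac
    # World-writable content, or content owned by the server account, can be
    # modified by the server process itself.
    case $mode in ????????w*)
        echo "WORLD_WRITABLE $target ($mode)"; findings=$((findings + 1)) ;;
    esac
    if [ "$owner" = "$server_user" ]; then
        echo "OWNED_BY_SERVER $target ($owner)"; findings=$((findings + 1))
    fi

    # Every directory from the target up to TOP must be world-searchable
    # (x, or t when the sticky bit is also set).
    p=$target
    [ -d "$p" ] || p=$(dirname -- "$p")
    while :; do
        dmode=$(stat -L -c '%A' -- "$p") || return 2
        case $dmode in ?????????[xt]*) ;; *)
            echo "NO_TRAVERSE $p ($dmode)"; findings=$((findings + 1)) ;;
        esac
        case $p in "$top"|/|.) break ;; esac
        p=$(dirname -- "$p")
    done
    [ "$findings" -eq 0 ]
}
```

Run as `audit_web_path /home/sanchez/public_html`; a directory with mode `drwxrwsrwt` like the one listed above would be reported as `WORLD_WRITABLE`.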