Apache confuses me

Tim ignored_mailbox at yahoo.com.au
Mon Mar 24 12:42:55 UTC 2014


Allegedly, on or about 24 March 2014, Roger sent:
> Fedora 19 and centos 6.5
> 
> I set up Centos 6.5 to teach myself about setting up a server in my 
> spare time.
>   In both I have /var/www/html both have index.html test files which 
> work as expected.
> 
> I set up folders  /var/www/test_folder and put an index.html in each
> 
> httpd.conf has DirectoryRoot as /var/www not /var/www/html

Not, generally, a good idea, as there are other things inside /var/www,
that are supposed to be kept outside of the directory root.  For home
testing on a LAN this oughtn't to be a problem, unless you have
untrustworthy people on your LAN.  If you don't like /var/www/html then
you could set the directory root as /var/www/whatever-else-you-prefer,
as your test_folder example, above.

> In /etc/httpd/conf/httpd.conf in both I have
> <Directory /var/www/test_folder>
>          Options Indexes FollowSymLinks
>          AllowOverride All
>          Require all granted
> </Directory>
> 
> and in /var/www/html in  both I have test_folder2
> <Directory /var/www/test_folder>
>          Options Indexes FollowSymLinks
>          AllowOverride All
>          Require all granted
> </Directory>

"Require all granted" is a new one on me - the "all granted" bit, that
is.  Check the manual about that.

> test_folder and it's index.html are 775. I have tried changing ownership 
> from user:user to user:root and user:apache but errors persist.
> I can access the latter with localhost/test_folder2/index.html but 
> cannot access folders in /var/www I don't particularly want everything 
> in /var/www/html/
>   I get error You do not have permission to access
> What am I missing in this scenario.

In general, don't allow apache to own (as user, nor group) the files, as
this can allow write access to files, and presents a security risk.
Usually, let the author own the files, as user and group.  You can have
an alternative group own the files, if you play with using group
permissions with your users.

How are *all* your directory permissions set?  You need world read and
execute access to all the directories that hold your webserveble files,
and their parents.

i.e. /var/ and /var/www/ and /var/www/whatever... all need to have r-x
permissions in the "other" permissions group.  The user and group
permissions are ignored, as far as webserving is concerned.

/var/www/   rwx rwx r-x
            ^^^ ~~~ ``` 

  ^^^    user/owner/author
  ~~~    group ownership
  ```    everyone else

Alternatively, what you're might be getting stuck on is SELinux.  By
default, the system will automatically put web serving file contexts on
files that are written into standard web serving locations on the
directory tree, such as ~/public_html/ and /var/www/html/.  You're using
a non-standard location, so that leaves you with several work-arounds:

     1. Switch to using a standard location.
     2. Manually change the SELinux contexts for your unusually located
        files, and keep on having to do that.
     3. Set up a new SELinux rule to apply webserving access permissions
        to your unusual location, so it's automatically taken care of.
     4. Disable SELinux (not really a good idea).


-- 
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.





More information about the users mailing list