From mweisman@gci.net Sun Sep 10 19:45:51 2000 Received: from mxu3.u.washington.edu (mxu3.u.washington.edu [140.142.33.7]) by lists.u.washington.edu (8.9.3+UW00.05/8.9.3+UW99.09) with ESMTP id TAA169520 for ; Sun, 10 Sep 2000 19:45:51 -0700 Received: from mta-1.gci.net (mta-1.gci.net [208.138.130.82]) by mxu3.u.washington.edu (8.9.3+UW00.02/8.9.3+UW99.09) with ESMTP id TAA08382 for ; Sun, 10 Sep 2000 19:45:50 -0700 Received: from mmp-2.gci.net ([208.138.130.81]) by mta-1.gci.net (Netscape Messaging Server 4.15) with ESMTP id G0PBOP01.VAW for ; Sun, 10 Sep 2000 18:46:01 -0800 Received: from OUTLANDR ([24.237.2.96]) by mmp-2.gci.net (Netscape Messaging Server 4.15) with SMTP id G0PBOP02.P28 for ; Sun, 10 Sep 2000 18:46:02 -0800 Reply-To: From: "Mark Weisman" To: Subject: RE: Questions about apache? Date: Sun, 10 Sep 2000 18:50:57 -0800 Message-ID: <000e01c01b9b$1d429ec0$4c00a8c0@outland> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 In-Reply-To: Mike, Sorry for the delay in returning your email, I had a 3COM card blowup and then I lost my primary hard drive. What a week! Recently, my upstream had some serious issues with their servers causing a long outage, and loss at my end. Anyway in return to your email. /etc/httpd/error_log This is the last entry in the error_log file. [Sun Sep 10 16:58:14 2000] [error] [client 24.237.2.96] client denied by server configuration: /web/html ls - la for the /web/html folder is as follows drwxr-xr-x 2 root root 4096 Sep 10 16:57 . drwxr-xr-x 6 root root 4096 Sep 10 16:56 .. -rw-r--r-- 1 root root 2511 Sep 10 16:57 index.html -rw-r--r-- 1 root root 1154 Sep 10 16:57 poweredby.png Finally, the user and group and documentroot directives in the httpd.conf # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. DocumentRoot "/web/html" # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # User/Group: The name of the user/group to run httpd as. # . On SCO use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody. and the # suggested workaround is to create a user www and use that user. # NOTE that some kernels refuse to setgid or semctl # when the value of Group is above 60000; # don't use Group nobody on these systems! User nobody Group nobody I can forward copies of any of the above files if it will help get past this silly permission thing, I have reset the server back up, and pointed all the different files to the /web/html subdirectory. I am getting a message back from the browser of: Forbidden You don't have permission to access / on this server. Apache/1.3.12 Server at www.infinitevisions.ws Port 80 I do not know if the upstream provider has my static IP Address setup correctly, and I am almost sure that they have not bound my new MAC address to the address? Could that be the problem? Any information would be greatly appreciated. God Bless, Mark -----Original Message----- From: LINUX-owner@u.washington.edu [mailto:LINUX-owner@u.washington.edu]On Behalf Of Mike Sent: Monday, September 04, 2000 12:24 PM To: UW Linux Group Subject: RE: Questions about apache? Look in /etc/httpd/logs/error_log for helpful messages about what might be causing the problem. Show us an 'ls -la' in /web/www and show us what the "User" and "Group" and "DocumentRoot" directives are set to in httpd.conf. --------------------------- -=<(| mike@boobaz.net |)>=- On Mon, 4 Sep 2000, Mark Weisman wrote: |I've reset all the group rights to the files in question, and assigned |ownership based on the egrep statement, however, I am still getting the same |error. I have restarted the system, and services, to no avail. I am still |unable to login to the web based stuff. | |My documentroot is /web/www, and the user and group is "nobody". I have |reassigned both the /web subdirectory, and the /web/www subdirectories. Do I |need to re-assign the subdirectory that the httpd.conf file is in? Do I need |to re-assign the root? | | |Any help, |Mark Weisman | |-----Original Message----- |From: LINUX-owner@u.washington.edu |[mailto:LINUX-owner@u.washington.edu]On Behalf Of Mike |Sent: Monday, September 04, 2000 2:12 AM |To: UW Linux Group |Subject: Re: Questions about apache? | | |On Mon, 4 Sep 2000, C. Mills wrote: | || This means that the user which apache is running under (usually httpd) ||does not have premission to access the document root ||(usually /home/httpd/httpd/html or /home/httpd/html) or the index.html ||file in the document root. || You need to change the premissions on that directory and/or file. To | |On RedHat, 'egrep "^User|^Group" /etc/httpd/conf/httpd.conf' will tell you |which user/group the web server is configured to run as. The |"DocumentRoot" directory and all of its contents (which you want to be |available on the web) must be available to this user and/or group. I |would suggest that the best way to allow this is to make every file and |directory in your web area be owned ('man chgrp') by the group specified |in the configuration file. Each directory must grant at least |read/execute permissions to this group and each file must grant at least |read permission to the group the web server runs as. Example: | |$ egrep "^User|^Group" /etc/httpd/conf/httpd.conf |User nobody |Group www |$ egrep "^DocumentRoot" /etc/httpd/conf/httpd.conf |DocumentRoot /home/httpd/html |$ ls -la /home/httpd/html |drwxr-s--- 14 mike www 1024 Jul 27 09:44 . |[...] |-rw-r----- 1 mike www 662 Jul 27 09:30 index.html |[...] | | ||recursively, so "chmod -R 744 *" would change the premissions on all file ||and directories in the current one and continue doing that in all the ||directories above the current until it runs out of directories. | |Using "*" would not recurse backwards through your filesystem, nor would |it modify the current directory. It would modify all files and |directories in the current working directory which do not begin with a |".". Be careful with recursion and shell wildcards... | |--------------------------- |-=<(| mike@boobaz.net |)>=- | | .