Web Server Config / Permissions are write and get Forbidden

[mgbaron]

Hi,

I appreciate you taking the time to read this and help me.

Im trying to set up virtual hosts on my server in the form

192.168.0.100:9001 --> /home/webadmin/domain.com/html

This is my virtual host entry

<VirtualHost 192.168.0.100:9001>
ServerAdmin email@domain.com
DocumentRoot /home/webadmin/domain.com/html
ServerName domain.com
</VirtualHost>

I also have the server listening on port 9001.

All of the files in the folder have permissions set to 755 and are owned webadmin in the users group. I wasn't sure if it would help, but I also added the webadmin user to the apache group.

The problem is, when I try to access the page I get a 403 Forbidden. It also says this:

"Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

If anyone has any ideas, please let me know.

~matt

[Dolda2000]

Do all the ancestor directories have traverse permission for the apache user as well?

Also, what does it say in the error_log?

[mgbaron]

Do all the ancestor directories have traverse permission for the apache user as well?

Also, what does it say in the error_log?

Hi,

Thanks for the fast response. Here is a sample from the apache error log:

[Fri Nov 12 18:56:50 2004] [error] [client 192.168.0.100] (13)Permission denied: access to /index.html denied
[Fri Nov 12 18:56:50 2004] [error] [client 192.168.0.100] (13)Permission denied: access to /favicon.ico denied


Im not sure exactly what you mean by "traverse permissions" but here are the permissions on the parent directories:


drwxr-xr-x 5 root root 4096 Nov 12 14:07 home

drwxrwxrwx 6 webadmin users 4096 Nov 12 17:07 webadmin

drwxrwxrwx 3 webadmin users 4096 Nov 12 15:05 domain.com

drwxrwxrwx 2 webadmin users 4096 Nov 12 15:10 html

I have set them all to 777 for debugging.

Thanks,

Matt

[mgbaron]

Another thing to note is that I created these folders and files as root and then chgrp, and chowned them to webadmin, users. I assume that doesnt make a difference.

Matt

[Dolda2000]

It seems those permissions are correct. The exec permission is called traverse permission on directories.

Are you sure that the access rights in httpd.conf are set up properly to allow access in these directories?

[mgbaron]

It seems those permissions are correct. The exec permission is called traverse permission on directories.

Are you sure that the access rights in httpd.conf are set up properly to allow access in these directories?

I'm not sure. How do you set the rights? I just made a virtual host entry.

[mgbaron]

It seems those permissions are correct. The exec permission is called traverse permission on directories.

Are you sure that the access rights in httpd.conf are set up properly to allow access in these directories?

I'm not sure. How do you set the rights? I just made a virtual host entry.

...And put a listen entry in.

I also attempted to switch the main DocumentRoot and that resulted in a test page, but didnt display the index.html file I had in there. When i realized switching this shouldnt be necessary, I switched it back.

[Dolda2000]

That would be the <Directory> config directives. Maybe you just need to enable access to /home and its subdirectories, with something like this:

Code:

<Directory /home/webadmin>
    AllowOverride FileInfo AuthConfig Limit Options
    Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

This is taken from my httpd.conf, except I changed /home/*/public_html to /home/webadmin.

[mgbaron]

That would be the <Directory> config directives. Maybe you just need to enable access to /home and its subdirectories, with something like this:

Code:

<Directory /home/webadmin>
    AllowOverride FileInfo AuthConfig Limit Options
    Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

This is taken from my httpd.conf, except I changed /home/*/public_html to /home/webadmin.

I think you might be on to something, however the entry you sent me kills my httpd. Here is the error:

httpd failed. The error was: Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 533 of /etc/httpd/conf/httpd.conf:
Invalid command '\xc2\xa0', perhaps mis-spelled or defined by a module not included in the server configuration
[FAILED]

I'm trying to fix it myself, but if you have any ideas let me know.


Matt

[mgbaron]

That would be the <Directory> config directives. Maybe you just need to enable access to /home and its subdirectories, with something like this:

Code:

<Directory /home/webadmin>
    AllowOverride FileInfo AuthConfig Limit Options
    Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

This is taken from my httpd.conf, except I changed /home/*/public_html to /home/webadmin.

Ok,

I tried adding

<Directory "/home/webadmin/domain.com/html/">
Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
</Directory>

and

<Directory "/home/webadmin/">
Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
</Directory>


These will allow httpd to start, but don't fix the problem.