Re: Permission Still Denied with Moodle

[Yehuda Katz <yehuda@xxxxxxxxxx>]

1. For the "http://*my ip*/moodle" problem:

It appears that there are no vhosts at all, so that should not get in the way.

I should have listed this before too: Can you check if apache is listening on all ips?

netstat -ln | grep 80

2. For the localhost problem: 

I can't shake the feeling that this is SELinux related, since your permissions look OK.

Did you look at this wiki article? I don't want to suggest anything you already tried.

Did you try changing the SELinux context (I think the correct one should be httpd_sys_content_t)?

- Y

On Wed, Oct 9, 2013 at 7:34 PM, Timothy Curchod <timofeyc@xxxxxxxxxxx> wrote:

Thanks for the reply Yehuda.  Here is the info you asked about.

ls -l

lrwxrwxrwx.   1 root root     7 Oct  8 17:13 bin -> usr/bin

dr-xr-xr-x.   5 root root  1024 Oct  8 17:31 boot

drwxr-xr-x   19 root root  3440 Oct 10 07:02 dev

drwxr-xr-x. 144 root root 12288 Oct 10 07:02 etc

drwxr-xr-x.   4 root root  4096 Jul  8 17:56 home

lrwxrwxrwx.   1 root root     7 Oct  8 17:13 lib -> usr/lib

lrwxrwxrwx.   1 root root     9 Oct  8 17:13 lib64 -> usr/lib64

drwx------.   2 root root 16384 Jun 28 02:09 lost+found

drwxr-xr-x.   2 root root  4096 Jul  8 17:56 media

drwxr-xr-x.   3 root root  4096 Jul  8 17:56 mnt

drwxr-xr-x.   3 root root  4096 Oct  8 18:42 opt

dr-xr-xr-x  166 root root     0 Oct 10 07:02 proc

dr-xr-x---.   5 root root  4096 Oct  9 22:42 root

drwxr-xr-x   39 root root  1180 Oct 10 07:02 run

lrwxrwxrwx.   1 root root     8 Oct  8 17:13 sbin -> usr/sbin

drwxr-xr-x.   2 root root  4096 Jul  8 17:56 srv

dr-xr-xr-x   13 root root     0 Oct 10 07:02 sys

drwxrwxrwt   13 root root   280 Oct 10 07:03 tmp

drwxr-xr-x.  13 root root  4096 Oct  8 17:13 usr

drwxr-xr-x.  23 root root  4096 Oct  9 12:21 var

Also, moodle requires a data folder which I put in var with 777 permissions:

drwxrwxrwx.  6 root   root   4096 Oct  9 12:55 moodledata

httpd -S

VirtualHost configuration:

ServerRoot: "/etc/httpd"

Main DocumentRoot: "/var/www/html"

Main ErrorLog: "/etc/httpd/logs/error_log"

Mutex proxy: using_defaults

Mutex authn-socache: using_defaults

Mutex default: dir="/run/httpd/" mechanism=default

Mutex mpm-accept: using_defaults

Mutex authdigest-opaque: using_defaults

Mutex proxy-balancer-shm: using_defaults

Mutex rewrite-map: using_defaults

Mutex authdigest-client: using_defaults

PidFile: "/run/httpd/httpd.pid"

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

User: name="apache" id=48 not_used

Group: name="apache" id=48 not_used

I have a Linksys router which has settings as such:

Start    End    Protocol    IP Address

80     80     both         192.168.1.100

8080    8080     both        192.168.1.126  <-- used with Tomcat which runs fine on another box.

This is in the httpd.config file:

#

# Listen: Allows you to bind Apache to specific IP addresses and/or

# ports, instead of the default. See also the <VirtualHost>

# directive.

#

# Change this to Listen on specific IP addresses as shown below to

# prevent Apache from glomming onto all bound IP addresses.

#

#Listen 12.34.56.78:80

Listen 80

What am I doing wrong?  Notice that info.php is in the documents directory and I can access it fine.

-rw-r--r--.  1 apache root     20 Oct  9 11:32 info.php

I tried to create the page as my regular user, but was unable to save in that directory, so I ended up creating it as root. How am I going to be able to work on Moodle development if I can’t modify files in the www/html folder as a regular user?  This is a development server with one user, myself.  Should I make all the files match the permissions on info.php and do all my work as root?

Thanks for any help,

Timothy.

---

From: yehuda@xxxxxxxxxx
Date: Wed, 9 Oct 2013 12:18:56 -0400
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Permission Still Denied with Moodle

"AH00035: access to /moodle/ denied (filesystem path '/var/www/html/moodle') because search permissions are missing on a component of the path"

This implies that the x permission is missing. You posted for every directory except /var . What are its permissions?

I have no idea if selinux could get in the way or if setenforce 0 really gets rid of it.

Incorrect access detected, this server may be accessed only through "http://*my ip*/moodle" address, sorry.  Please notify server administrator.

Does Moodle modify the default 403 error page? That is probably what this is.

If I use http://*my ip*/moodle or http://*my ip*:80/moodle I get this error:
Oops! Google Chrome could not connect to *my ip*

Is apache set to listen to an IP besides 127.0.0.1?

Run httpd -S for the list of active vhosts.

- Y

On Wed, Oct 9, 2013 at 4:19 AM, Timothy Curchod <timofeyc@xxxxxxxxxxx> wrote:

Hi,

I've tried a few times to setup moodle on LAMP but failed each time with the following errors:

If I use localhost/moodle, I get this error:

Incorrect access detected, this server may be accessed only through "http://*my ip*/moodle" address, sorry.  Please notify server administrator.

If I use http://*my ip*/moodle or http://*my ip*:80/moodle I get this error:

Oops! Google Chrome could not connect to *my ip*

If I look in the /etc/httpd/logs/error_log I see:

[Wed Oct 09 14:59:46.240266 2013] [core:error] [pid 2279] (13)Permission denied: [client 127.0.0.1:43084] AH00035: access to /moodle/ denied (filesystem path '/var/www/html/moodle') because search permissions are missing on a component of the path

The wiki says this is an error 13 which indicates a filesystem permissions problem but I can't see where.  I've looked at a lot of questions relating to permission problems that people have had and it all seems to show that I have things set up correctly, or have tried the things that should work.  

/etc/httpd/conf/httpd.conf contains

...

User apache

Group apache

...

<Directory />

    AllowOverride none

    Require all denied

</Directory>

...

<Directory "/var/www">

    AllowOverride None

    # Allow open access:

    Require all granted

</Directory>

...

<Directory "/var/www/html">

    Options Indexes FollowSymLinks

    #AllowOverride None

    all 

    Require all granted

</Directory>

My directory permissions are:

drwxrwxr-x.  4 apache apache 4096 Oct  9 08:23 www

drwxrwxr-x. 2 apache apache 4096 Jul 31 15:50 cgi-bin

drwxrwxr-x. 3 apache apache 4096 Oct  9 14:07 html

-rw-r--r--.  1 apache root     20 Oct  9 11:32 info.php

drwxr-xr-x. 44 apache apache 4096 Oct  9 14:18 moodle

-rw-r-----.  1 apache apache    690 Oct  9 14:18 config.php

-rwxr-xr-x.  1 apache timothy 35147 Oct  4 11:43 COPYING.txt

drwxr-xr-x.  7 apache timothy  4096 Oct  9 14:06 course

-rwxr-xr-x.  1 apache timothy  2594 Oct  4 11:43 draftfile.php

drwxr-xr-x. 17 apache timothy  4096 Oct  9 14:06 enrol

drwxr-xr-x.  2 apache timothy  4096 Oct  9 14:06 error

-rwxr-xr-x.  1 apache timothy  3923 Oct  4 11:43 file.php

drwxr-xr-x.  3 apache timothy  4096 Oct  9 14:06 files

drwxr-xr-x. 14 apache timothy  4096 Oct  9 14:06 filter

-rwxr-xr-x.  1 apache timothy   953 Oct  4 15:14 githash.php

drwxr-xr-x.  8 apache timothy  4096 Oct  9 14:06 grade

drwxr-xr-x.  3 apache timothy  4096 Oct  9 14:06 group

-rwxr-xr-x.  1 apache timothy  1423 Oct  4 11:43 help_ajax.php

-rwxr-xr-x.  1 apache timothy  1761 Oct  4 11:43 help.php

-rwxr-xr-x.  1 apache timothy 13203 Oct  4 11:43 index.php

* tried setenforce 0.  The ls -alZ command returns 

-rwxr-xr-x. apache timothy unconfined_u:object_r:user_home_t:s0 index.php

* tried chown -R root on all files as well.

* ran the moodle setup script as such: # sudo -u apache /usr/bin/php install.php

I am using the following setup:

Fedora 19

Apache 2.4.6

PHP 5.5.4

moodle 2.5

MariaDB 5.5.32

Since the Moodle docs indicate this is a permissions problem with apache, I thought I should ask here first.  Any suggestions or solutions would be much welcomed.

Thanks,

Timothy Curchod.