The error log says that the file Apache is trying to read is /radar/data/hi3.html. The error log normally will report the absolute file system path contrary to the access log that reports the URL path requested. At the same time, from the information given, it is my understanding that the URL you are trying to get is http://whatever/radar/data/hi3.html (from the browser's message about not having permissions to access /radar/data/hi3.html on the server). Those two pieces of information put together seem to indicate that your DocumentRoot is /.
You also say that documents in the radar directory are served correctly, which totally confuses me.
Could you provide the following pieces of information:
1. ServerRoot from httpd.conf
2. DocumentRoot from httpd.conf
3. The path to your httpd.conf file
4. the output of the command "ps -ef | grep httpd"
5. the output of the command "ls -l /var/www/html/radar/data/hi3.html"
-ascs
________________________________
From: Dr. Stephen Judd [mailto:sjudd@xxxxxxxxxxxxxx]
Sent: Tuesday, January 31, 2006 4:50 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] permissions problem
On 2006 Jan 30, at 10:09 PM, Joshua Slive wrote:
On 1/30/06, Dr. Stephen Judd <sjudd@xxxxxxxxxxxxxx> wrote:
On 2006 Jan 30, at 4:01 PM, Joshua Slive wrote:
On 1/30/06, David Salisbury <salisbury@xxxxxxxxx> wrote:
[Mon Jan 30 15:54:49 2006] [error] (13)Permission denied: access to
/radar/data/hi3.html denied
I'm not so sure about your "forbidden by rule" assumption. I believe if
you were to Deny access to an IP address you get a simple "permission
denied".
So I wouldn't discount a configuration problem.. maybe even a hidden
.htaccess
guy hanging out.
No, in this case, "permission denied" (errorno=EACCES=13) is what the
OS is returning when apache tries to open the file.
Try logging in as the user specified in the User/Group directive and
see if you can access the file.
Joshua.
The config file says this:
User apache
Group apache
The straightforward way of doing what you ask for does not work:
[root@database ~]# su apache
This account is currently not available.
I don't know exactly what that means or how to get around it,
but I investigated this much further the other day and found some
oddities...
I wrote a little script to look into the issue of who the user is:
<?php
clearstatcache();
$yuzer= $_ENV['USER']; $lognm= $_ENV['LOGNAME'];
print "USER= $yuzer, LOGNAME= $lognm<br/>\n";
$getperms= fileperms('data') & 0777;
print "fileperms are: $getperms <br/>\n";
if ($getperms ==0) print "cannot access<br/>\n";
?>
When invoked via the web, it apparently runs as root(!) (not apache?!)
and gives a message saying that it cannot do a stat:
USER= root, LOGNAME= root
fileperms are: 0
cannot access
When invoked from the command line (in any of several users I tried)
it works fine and accesses the file. I'm baffled. Is the "root" user
that it purports to be the same as the usual system root user? If so, why
can it not access a file that everyone else can? If not, then who is it??
USER/LOGNAME are probably inherited from the parent apache process.
If you create a file in /tmp, you'll probably find it is owned by
apache.
Yes. You are right about that. That makes the message from the script
all the more confusing. I suppose that it gets invoked as root and then
switches its identity to apache as soon as it can. You'd think that its
identity as root would be gone long before it ran my script, but whatever.
Your problem still sounds very much like SELinux to me. Are you
absolutely positive you are not running that?
What exact version of redhat are you running?
I'm quite sure I'm not running SELinux. Here is my evidence:
[judd@database ~]$ echo $MACHTYPE
i686-redhat-linux-gnu
As for version, I dunno. How do I find out?
If not, check the permissions on every file and directory starting
with the one you are trying to access and going all the way up the
tree.
I've done this --and redone it-- because it sure seems like the thing to do.
But no explanation lies in there.
The permissions on the radar directory are these:
drwxr-xr-x 3 radar radargrp 4096 Jan 27 22:21 radar
The permissions on the data directory are these:
drwxrwxrwx 4 radar radargrp 4096 Jan 26 09:13 data
And given that files from the radar directory are being served up without
problem, I believe that I need exhibit no more evidence. Is that true?
Anyway, I'll provide it just to be forthcoming...
radar's parent is this:
drwxr-xr-x 4 root root 4096 Jan 27 22:28 html
html's parent is this:
drwxr-xr-x 8 root root 4096 Jan 6 11:26 www
and www's parent is this:
drwxr-xr-x 21 root root 4096 Jan 6 11:38 var
and var's parent is /. The path is OPEN !
Tell me about the issue in SELinux. At this point, I'm willing to chase any
possibilities.
sj
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|