Re: Help with httpd userdir recovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/28/2016 04:16 AM, Robert Moskowitz wrote:
>
>
> On 12/27/2016 08:20 PM, John Fawcett wrote:
>> On 12/28/2016 01:43 AM, John Fawcett wrote:
>>> On 12/28/2016 01:12 AM, Robert Moskowitz wrote:
>>>> On 12/27/2016 07:06 PM, John Fawcett wrote:
>>>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote:
>>>>>> On 12/27/2016 05:44 PM, John Fawcett wrote:
>>>>>>> That error should be caused by having MultiViews options but
>>>>>>> incorrect
>>>>>>> permissions (711 instead of 755) on the directory.
>>>>>> I just did chmod -R 755 /home/rgm/public_html and no change in
>>>>>> behavior.
>>>>>>
>>>>>> Even tried chmod -R 755 /home/rgm
>>>>> Are you actually using MultiViews? If you don't need that option,
>>>>> maybe
>>>>> the easiest thing is to take it out and see if the error message
>>>>> changes.
>>>> I am using the default conf file for userdir.
>>>>
>>>> /etc/httpd/conf.d/userdir.conf
>>>>
>>>> So I deleted Multiviews and now the error is:
>>>>
>>>> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138]
>>>> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't
>>>> open directory for index: /home/rgm/public_html/family/
>>>>
>>>>
>>>> ____
>>> I know this is not going to help, but that error means that apache does
>>> not have access to read the directory /home/rgm/public_html/family/.
>>> That doesn't really fit with the rest of the evidence, that you have
>>> chmod 755 everything from /home/rgm/public_html downwards and that
>>> apache can read specific files from /home/rgm/public_html.
>>> John
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@xxxxxxxxxx
>>> https://lists.centos.org/mailman/listinfo/centos
>> Here is a small test program that you can use to check the permissions.
>>
>> You can compile it with:
>>
>> cc -o test test.c
>
> This is on Centos7-arm, so I will have to install all the build stuff,
> and hopefully won't take too long to compile....
>
> Tomorrow most likely.
>
>
>
>>
>> then run it with:
>>
>> ./test apache /home/rgm/public_html/family/
>>
>> where apache is the name of the user that your web server runs under
>> (check it with ps -ef | grep http). You should run it as root (or from
>> sudo).
>>
>> John
>>
>> ------test.c-------
>>
>> #include <pwd.h>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <unistd.h>
>> #include <errno.h>
>> #include <sys/types.h>
>> #include <dirent.h>
>>
>> int
>> main(int argc, char *argv[])
>> {
>>      struct passwd pwd;
>>      struct passwd *result;
>>      char *buf;
>>      size_t bufsize;
>>      int s;
>>
>>     if (argc != 3) {
>>          fprintf(stderr, "Usage: %s username directory\n", argv[0]);
>>          exit(EXIT_FAILURE);
>>      }
>>
>>     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
>>      if (bufsize == -1)          /* Value was indeterminate */
>>          bufsize = 16384;        /* Should be more than enough */
>>
>>     buf = malloc(bufsize);
>>      if (buf == NULL) {
>>          perror("malloc");
>>          exit(EXIT_FAILURE);
>>      }
>>
>>     s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result);
>>      if (result == NULL) {
>>          if (s == 0)
>>              printf("Not found\n");
>>          else {
>>              errno = s;
>>              perror("getpwnam_r");
>>          }
>>          exit(EXIT_FAILURE);
>>      }
>>
>>      printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos, (long)
>> pwd.pw_uid, (long) pwd.pw_gid);
>>
>>      /* process is running as root, drop privileges */
>>
>>      if (getuid() == 0) {
>>          if (setgid(pwd.pw_gid) != 0) {
>>              perror("setgid: Unable to drop group privileges");
>>              exit(EXIT_FAILURE);
>>          }
>>          if (setuid(pwd.pw_uid) != 0) {
>>              perror("setuid: Unable to drop user privileges");
>>              exit(EXIT_FAILURE);
>>          }
>>          printf("dropped privileges\n");
>>      } else {
>>          errno = ENOTSUP;
>>          perror("process is not running as root cannot change user\n");
>>          exit(EXIT_FAILURE);
>>      }
>>
>>      /* check privileges really dropped */
>>
>>      if (setuid(0) != -1) {
>>          errno = ENOTSUP;
>>          perror("ERROR: Managed to regain root privileges");
>>          exit(EXIT_FAILURE);
>>      }
>>
>>      /* open directory */
>>
>>      DIR * d;
>>      d = opendir(argv[2]);
>>      printf("Attempting to open directory %s\n",argv[2]);
>>      if (d == NULL) {
>>          perror("Error opening directory");
>>          exit(EXIT_FAILURE);
>>      } else {
>>          printf("Success opening directory %s\n",argv[2]);
>>      }
>>      exit(EXIT_SUCCESS);
>> }
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos

I'm not sure if it is worth installing a build system just for this
unless you need it for other stuff. Maybe other lines of investigation
will bring up something.

John

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux