You are not logged in.
Pages: 1
Hi everyone,
I've been trying to set my lamp install for days now, and it slowly begins to drive me crazy...
I wanna set my DocumentRoot to : /home/xxx/Sites
I put an index.html into Sites.
I gave apache (http) persmissions with ACL
So far :
localhost - got the index.html displayed
If I remove index.html : localhost - 403 error Permission Denied
localhost/tests - displays the tests folder index and sub-folders
What am I missing for getting the Index of all my sites folders displayed by localhost??
Any help would really be appreciated
DD
Last edited by darkday (2017-05-24 13:43:46)
Offline
You don't really need to set ACL on Sites and its content if it the permission is 755 (or 644 for files), because they will be readable/listable by any users other than their owner.
However, by default $HOME (/home/xxx) has permission of 700, that's what you need to set ACL on.
P.S.
localhost/tests - displays the tests folder index and sub-folders
I don't know why this happen to you though. In my case, if I don't:
setfacl -m u:http:x /home/tom
I get 403 for:
http://localhost/
http://localhost/a
http://localhost/tests/
http://localhost/tests/b
Last edited by tom.ty89 (2017-05-24 13:53:51)
Offline
Hi tom.ty89
Thank you for the quick reply.
Actually, I had tried several options with setfacl in order to get localhost running.
And I think I ended up allowing Sites also because otherwise it didn't work.
I had even tried to recursively allow only home, but nothing helped... (I didn't understand the 755/644/700 permission concept)
So, I fresh tried again, changing the setfacl permission from Sites to home
setfacl -R -x "u:http" /home/xxx/Sites
setfacl -m "u:http:--x" /home/xxx
then I checked permissions with getfacl and restarted apache:
getfacl /home/xxx and /home/xxx/Sites
sudo systemctl restart httpd
All is set properly, but now I get that 403 Forbidden access everywhere.
Sigh...
I still don't understand why it doesn't work...
Last edited by darkday (2017-05-25 08:39:39)
Offline
Is there any reason that the document root needs to be in your home folder? Put it under /srv and let it have the default ownership of http:http. You can have a symlink to /srv/whatver in your home directory for easy access.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Well, is USER set to http in your /etc/httpd/conf/httpd.conf though? Also check that http exists in /etc/passwd.
Offline
Hi Trilby and tom.ty89
Is there any reason that the document root needs to be in your home folder?
Well, coming from Windows, I always had the habit not to keep my data on my system partiton.
Being a bit paranoid, I then thought it would be better to put my data on my sda4, in case I'd screw my arch system.
But maybe you are right, maybe I shouldn't create symlink but instead sync all my files from /svr to /home at the end of the day...?
Well, is USER set to http in your /etc/httpd/conf/httpd.conf though? Also check that http exists in /etc/passwd.
Yes, User and Group are set to http
And http exists in /etc/passwd : http:x:33:33:http:/srv/http:/usr/bin/nologin
I read on the forum that we can also run the web server under the user account, instead of altering the home folder's permissions.
Maybe this would be a better option?
Considering my concerns about not storing files on the system partition (the Windows style), what would you advice?
Offline
You don't understand POSIX permissions but try on ACL capabilities???
stat /home/xxx/Sites
stat /home/xxx/Sites/tests
Also see https://wiki.archlinux.org/index.php/Ap … ed_options notably the DocumentRoot warning.
Also you got to enable directory listings, that's security risk: https://wiki.apache.org/httpd/DirectoryListings
Offline
I really cant advise on not storing data on the system partition - the aversion to doing so doesn't make any sense to me. Is this just some Windows based habit, or do you actually have reason/evidence to think it's wise? If it's just habit, break it: linux != windows.
As for data, you should have backups - regardless of the OS or which partition the data is on.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Pages: 1