You are not logged in.

#1 2017-05-24 13:21:36

darkday
Member
Registered: 2017-05-24
Posts: 3

localhost permissions (half working)

Hi everyone,

I've been trying to set my lamp install for days now, and it slowly begins to drive me crazy...

I wanna set my DocumentRoot to : /home/xxx/Sites

I put an index.html into Sites.
I gave apache (http) persmissions with ACL

So far :

localhost - got the index.html displayed
If I remove index.html : localhost - 403 error Permission Denied
localhost/tests  - displays the tests folder index and sub-folders 

What am I missing for getting the Index of all my sites folders displayed by localhost??

Any help would really be appreciated

DD

Last edited by darkday (2017-05-24 13:43:46)

Offline

#2 2017-05-24 13:46:51

tom.ty89
Member
Registered: 2012-11-15
Posts: 897

Re: localhost permissions (half working)

You don't really need to set ACL on Sites and its content if it the permission is 755 (or 644 for files), because they will be readable/listable by any users other than their owner.

However, by default $HOME (/home/xxx) has permission of 700, that's what you need to set ACL on.

P.S.

darkday wrote:

localhost/tests  - displays the tests folder index and sub-folders

I don't know why this happen to you though. In my case, if I don't:

setfacl -m u:http:x /home/tom

I get 403 for:

http://localhost/
http://localhost/a
http://localhost/tests/
http://localhost/tests/b

Last edited by tom.ty89 (2017-05-24 13:53:51)

Offline

#3 2017-05-25 08:37:40

darkday
Member
Registered: 2017-05-24
Posts: 3

Re: localhost permissions (half working)

Hi tom.ty89
Thank you for the quick reply.

Actually, I had tried several options with setfacl in order to get localhost running.
And I think I ended up allowing Sites also because otherwise it didn't work.
I had even tried to recursively allow only home, but nothing helped... (I didn't understand the 755/644/700 permission concept)

So, I fresh tried again, changing the setfacl permission from Sites to home

setfacl -R -x "u:http" /home/xxx/Sites
setfacl -m "u:http:--x" /home/xxx

then I checked permissions with getfacl and restarted apache:

getfacl /home/xxx and /home/xxx/Sites
sudo systemctl restart httpd

All is set properly, but now I get that 403 Forbidden access everywhere.
Sigh...

I still don't understand why it doesn't work...

Last edited by darkday (2017-05-25 08:39:39)

Offline

#4 2017-05-25 11:49:23

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: localhost permissions (half working)

Is there any reason that the document root needs to be in your home folder?  Put it under /srv and let it have the default ownership of http:http.  You can have a symlink to /srv/whatver in your home directory for easy access.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2017-05-25 11:58:31

tom.ty89
Member
Registered: 2012-11-15
Posts: 897

Re: localhost permissions (half working)

Well, is USER set to http in your /etc/httpd/conf/httpd.conf though? Also check that http exists in /etc/passwd.

Offline

#6 2017-05-25 12:58:37

darkday
Member
Registered: 2017-05-24
Posts: 3

Re: localhost permissions (half working)

Hi Trilby and tom.ty89

Trilby wrote:

Is there any reason that the document root needs to be in your home folder?

Well, coming from Windows, I always had the habit not to keep my data on my system partiton.
Being a bit paranoid, I then thought it would be better to put my data on my sda4, in case I'd screw my arch system.
But maybe you are right, maybe I shouldn't create symlink but instead sync all my files from /svr to /home at the end of the day...?

tom.ty89 wrote:

Well, is USER set to http in your /etc/httpd/conf/httpd.conf though? Also check that http exists in /etc/passwd.

Yes, User and Group are set to http
And http exists in /etc/passwd  : http:x:33:33:http:/srv/http:/usr/bin/nologin

I read on the forum that we can also run the web server under the user account, instead of altering the home folder's permissions.
Maybe this would be a better option?

Considering my concerns about not storing files on the system partition (the Windows style), what would you advice?

Offline

#7 2017-05-25 13:00:38

seth
Member
Registered: 2012-09-03
Posts: 49,981

Re: localhost permissions (half working)

You don't understand POSIX permissions but try on ACL capabilities???

stat /home/xxx/Sites
stat /home/xxx/Sites/tests

Also see https://wiki.archlinux.org/index.php/Ap … ed_options notably the DocumentRoot warning.
Also you got to enable directory listings, that's security risk: https://wiki.apache.org/httpd/DirectoryListings

Offline

#8 2017-05-25 13:37:30

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: localhost permissions (half working)

I really cant advise on not storing data on the system partition - the aversion to doing so doesn't make any sense to me.  Is this just some Windows based habit, or do you actually have reason/evidence to think it's wise?  If it's just habit, break it: linux != windows.

As for data, you should have backups - regardless of the OS or which partition the data is on.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

Board footer

Powered by FluxBB