Re: fedora 4 + apache + forbidden


 



Tim wrote:

On Fri, 2005-12-23 at 10:55 +0000, Raul wrote:
lrwxrwxrwx      1 root   root     13 Dec 22 01:10 ldap -> phpldapadmin/
-rw-r--r--      1 root   root     22 Dec 17 21:25 php_info.php
drwxrwxr-x      7 apache apache 4096 Dec 21 23:55 phpldapadmin
lrwxrwxrwx      1 root   root     20 Dec 17 23:56 phpmyadmin -> phpMyAdmin-2.7.0-pl1
drwxr-xr-x      7 apache apache 4096 Dec 22 00:13 phpMyAdmin-2.7.0-pl1
drwxr-xr-x      8 apache apache 4096 Dec 17 21:46 scarecrow
drwxr-xr-x      2 root   root   4096 Dec 22 01:10 test

A tip about something else:
It's not usually a good idea to put files into the webspace as owned by
apache.  You're giving the server write access to those files, that way,
and that may be remotely exploitable.

Usually, they're owned by someone else, and given world readable, and
world-executable (where needed) permissions, for the server to allow the
WWW to see them.

As I said, I am having all the defaults on apache (users etc.); however, I am
not able to access the folder phpldapadmin by http://azul/phpldapadmin,
but I do access it via http://azul/ldap, which is a soft link to
phpldapadmin. The error message I am getting is a simple forbidden. Since
I can access through the link it is not a real problem, but I don't know why I
cannot make it through the original.

Things I changed on the conf file are

   AllowOverride All

    UserDir public_html

everything else is the defaults.

P.S. I am getting the same error when doing http://azul/~user/

I can't think of the reason for your phpldapadmin access problem off the
top of my head, but SELinux could be one (particularly with the ~user
one).  And in the case of the user homespace one, you need to make their
public_html world readable and executable, and *all* the parent
directories (right down to /home) world executable, as well as
appropriate SELinux contexts and rules (if you're using SELinux).


Tim,

Thanks for your answer, you are right on the 'tip' of ownership. I also thought it could be related to SELinux, as this was the case with Samba, but I am not too familiar with SELinux; however, it all seems to me to be the same, at least at first glance. If I do an ls -Z -d on the html folder I get:

[root@azul html]# ls -Z -d *
drwxr-sr-t  sanchez  sanchez  root:object_r:httpd_sys_content_t adds
lrwxrwxrwx root root root:object_r:httpd_sys_content_t ldap -> phpldapadmin/
-rw-r--r--  sanchez  sanchez  root:object_r:httpd_sys_content_t php_info.php
drwxrwxrwx  sanchez  sanchez  root:object_r:httpd_sys_content_t phpldapadmin
lrwxrwxrwx root root root:object_r:httpd_sys_content_t phpmyadmin -> phpMyAdmin-2.7.0-pl1
drwxr-xr-x  sanchez  sanchez  root:object_r:httpd_sys_content_t phpMyAdmin-2.7.0-pl1
drwxr-xr-x  sanchez  sanchez  root:object_r:httpd_sys_content_t scarecrow
drwxr-xr-x  sanchez  sanchez  root:object_r:httpd_sys_content_t test

Or in the ~ folder

ls -Z -d ~sanchez/public_html/
drwxrwsrwt sanchez sanchez root:object_r:httpd_sys_content_t /home/sanchez/public_html/



Well, I guess I am going to have to read much more about SELinux, thanks again.
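
The two file-permission checks discussed in this thread (world-executable parents for a `public_html` directory, and web content the server account can write to) can be scripted. The following is an added example, not part of the original messages; the function names and the `apache` defaults are assumptions, and SELinux contexts are not checked.

```shell
#!/bin/sh
# Added example. Function names and the "apache" defaults are assumptions;
# adjust the account name for your system. SELinux is not examined here.

# check_traverse DIR [TOP]
# DIR itself must be world readable + executable, and every parent
# directory up to TOP (default /) must be world-executable, otherwise
# the web server cannot reach DIR and answers 403 Forbidden.
check_traverse() {
    d=$(cd "$1" && pwd -P) || return 2
    top=$(cd "${2:-/}" && pwd -P) || return 2
    rc=0
    [ -n "$(find "$d" -prune -perm -005)" ] ||
        { echo "not world r-x: $d"; rc=1; }
    while [ "$d" != "$top" ] && [ "$d" != "/" ]; do
        d=$(dirname "$d")
        [ -n "$(find "$d" -prune -perm -001)" ] ||
            { echo "not world-executable: $d"; rc=1; }
    done
    return "$rc"
}

# server_writable DIR [USER] [GROUP]
# Lists everything under DIR that the web server account could modify:
# owned by USER with owner write, group GROUP with group write, or
# world-writable. Symlinks are skipped (their mode is always rwxrwxrwx).
server_writable() {
    find "$1" ! -type l \( \
        \( -user "${2:-apache}" -perm -200 \) -o \
        \( -group "${3:-apache}" -perm -020 \) -o \
        -perm -002 \)
}

# Typical use, as root:
#   check_traverse /home/sanchez/public_html
#   server_writable /var/www/html
```

An empty result from `server_writable` means the server account has no write access to the tree through ordinary file permissions.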

