Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
You don't have permission to access /~username
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Kennel
n00b
n00b


Joined: 13 Apr 2002
Posts: 17
Location: Helsingborg, Sweden

PostPosted: Fri Jun 21, 2002 1:45 am    Post subject: You don't have permission to access /~username Reply with quote

So I decided to upgrade my old 1.0rc6 to 1.2 and all went well except that I can't seem to get access to users public_html through /~username. I get:

You don't have permission to access /~username on this server

I searched the forums and found some stuff about adding the apache user to the users group and I did by running:

usermod -G apache,users apache

I also made sure that ~/public_html was chmodded 755 (even tried 777). Still no luck. Could someone please tell me what to do? I'm kind of a newbie, so a very descriptive instruction would be appreciated.

BTW. I screwed around quite a lot with apache.conf and commonapache.conf because I first believed that the problem was there. Where can I download the original version of these two files again (1.3.26)?
_________________
My hovercraft is full of eels.
Back to top
View user's profile Send private message
skweegie
n00b
n00b


Joined: 18 Jun 2002
Posts: 9

PostPosted: Fri Jun 21, 2002 2:31 am    Post subject: Reply with quote

since you already added the apache user to the users group...

did you confirm that the user's home directories themselves are 755?

please note that the -m switch in useradd defaults user home directories to permission 700. do a ls -al /home to confirm correct user directory permissions...

cheers
Back to top
View user's profile Send private message
rt_clik
n00b
n00b


Joined: 18 Jun 2002
Posts: 70
Location: Rohnert Park, California, US

PostPosted: Fri Jun 21, 2002 3:52 am    Post subject: Re: You don't have permission to access /~username Reply with quote

Another (obvious, I know) thing to check is the apache.conf file to make sure that:

UserDir public_html

still exists. I would assume that this hasn't changed (or was backed up), but had a similar experience myself, and this was the culprit.

Good luck.

CW

Kennel wrote:
So I decided to upgrade my old 1.0rc6 to 1.2 and all went well except that I can't seem to get access to users public_html through /~username. I get:

You don't have permission to access /~username on this server

I searched the forums and found some stuff about adding the apache user to the users group and I did by running:

usermod -G apache,users apache

I also made sure that ~/public_html was chmodded 755 (even tried 777). Still no luck. Could someone please tell me what to do? I'm kind of a newbie, so a very descriptive instruction would be appreciated.

BTW. I screwed around quite a lot with apache.conf and commonapache.conf because I first believed that the problem was there. Where can I download the original version of these two files again (1.3.26)?
Back to top
View user's profile Send private message
Kennel
n00b
n00b


Joined: 13 Apr 2002
Posts: 17
Location: Helsingborg, Sweden

PostPosted: Fri Jun 21, 2002 10:38 am    Post subject: Reply with quote

skweegie wrote:

did you confirm that the user's home directories themselves are 755?

Ah! That did the trick. Another question then, won't this allow anyone to read the contents of anyones homedir?
_________________
My hovercraft is full of eels.
Back to top
View user's profile Send private message
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Fri Jun 21, 2002 11:55 am    Post subject: Reply with quote

Kennel wrote:
Another question then, won't this allow anyone to read the contents of anyones homedir?


Yes, change it to 750 instead. BTW, what group owns all your user directories? Is it 'users'? If so, then even 750 will allow all users to read and execute other users files.

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
Kennel
n00b
n00b


Joined: 13 Apr 2002
Posts: 17
Location: Helsingborg, Sweden

PostPosted: Sat Jun 22, 2002 9:56 am    Post subject: Reply with quote

klieber wrote:
Kennel wrote:
Another question then, won't this allow anyone to read the contents of anyones homedir?


Yes, change it to 750 instead. BTW, what group owns all your user directories? Is it 'users'? If so, then even 750 will allow all users to read and execute other users files.

--kurt

Yes, that is very true. What do you recommend to get around this?
_________________
My hovercraft is full of eels.


Last edited by Kennel on Sat Jun 22, 2002 10:39 am; edited 1 time in total
Back to top
View user's profile Send private message
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Sat Jun 22, 2002 10:31 am    Post subject: Reply with quote

Kennel wrote:
Yes, that is very true. What do you recommend to get around this?


Create a special group for each user, named the same as the username. (so, for me, there would be a 'klieber' group, of which I was the only member) Then, chown each users' home directory to their username and their group. Then, 750 will work as expected/desired.

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
Kennel
n00b
n00b


Joined: 13 Apr 2002
Posts: 17
Location: Helsingborg, Sweden

PostPosted: Sat Jun 22, 2002 10:38 am    Post subject: Reply with quote

klieber wrote:
Kennel wrote:
Yes, that is very true. What do you recommend to get around this?


Create a special group for each user, named the same as the username. (so, for me, there would be a 'klieber' group, of which I was the only member) Then, chown each users' home directory to their username and their group. Then, 750 will work as expected/desired.

--kurt

Ok, but won't I have to add apache to all those groups then i order for some.where/~username to be accessible?
_________________
My hovercraft is full of eels.
Back to top
View user's profile Send private message
klieber
Bodhisattva
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

PostPosted: Sat Jun 22, 2002 10:57 am    Post subject: Reply with quote

Kennel wrote:
Ok, but won't I have to add apache to all those groups then i order for some.where/~username to be accessible?


Yes, but you can't have it both ways. Perhaps a better question is why are you putting apache virtual roots within home directories and is there a better way you can do that? (like using symlinks to another place on the HD, for example)

--kurt
_________________
The problem with political jokes is that they get elected
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum