From owner-freebsd-questions@FreeBSD.ORG Sun Aug 17 10:01:12 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEDC437B401 for ; Sun, 17 Aug 2003 10:01:12 -0700 (PDT) Received: from webserver.get-linux.org (adsl-64-161-78-226.dsl.lsan03.pacbell.net [64.161.78.226]) by mx1.FreeBSD.org (Postfix) with SMTP id 4ABDE43F75 for ; Sun, 17 Aug 2003 10:01:12 -0700 (PDT) (envelope-from root@webserver.get-linux.org) Received: (qmail 3462 invoked by uid 0); 17 Aug 2003 17:01:11 -0000 Date: Sun, 17 Aug 2003 10:01:11 -0700 From: Joshua Oreman To: Jez Hancock Message-ID: <20030817170111.GC3389@webserver> References: <9C413C14-D0A4-11D7-976E-003065A51656@mac.com> <000401c364bb$29e596c0$f4f0a8c0@pcmedx.com> <20030817141041.GA66494@users.munk.nu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030817141041.GA66494@users.munk.nu> User-Agent: Mutt/1.4.1i cc: questions@freebsd.org Subject: Re: permission in apache X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Aug 2003 17:01:13 -0000 On Sun, Aug 17, 2003 at 03:10:41PM +0100 or thereabouts, Jez Hancock wrote: > On Sun, Aug 17, 2003 at 05:29:11AM -0700, Mike Maltese wrote: > > This shouldn't have anything to do with UNIX permissions. You'll get this > > error (403) if there is no document by the name specified in the > > DirectoryIndex directive (defualt is index.html) and the directory does not > > have the Indexes option (display directory contents). So either create > > index.html in that directory, or add Indexes to the Options for that > > directory to view the list of files. These options can be set on a per-vhost > > basis. > A 403 error would occur if a DirectoryIndex file exists (index.html say) > and permissions on that file in the DocumentRoot were such that it can't > be accessed by the apache user. > > Further it could be the case that permissions on the file itself, say > /usr/local/www/vhost/index.html, were 755 but still the error occurs. > Usually this is because the permissions on a parent directory somewhere > up the directory tree are set so that the apache user can't read files > under that directory structure. For example /usr/local/www might be set > to 750 and owned 'root:wheel' - so the 'other' group (which the apache > user falls into) cannot read files under that directory tree. > > In summary make sure the EUID user apache is running as has access to > the DocumentRoot directory as well as the files it needs to access of > course. > > FWIW you can check if the apache user has perms to read somefile.txt by doing: > > echo "ls -al somefile.txt" | su -fm www Won't work. Non-apache-related-example: % id -u 1000 % ls /etc/master.passwd /etc/master.passwd % less /etc/master.passwd /etc/master.passwd: Permission denied You need to actually read the file - something like `dd if=somefile.txt of=/dev/null' should work. -- Josh > > as root. > > -- > Jez > > http://www.munk.nu/ > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"