From owner-freebsd-questions@FreeBSD.ORG Sun Aug 17 07:10:45 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6A2637B401 for ; Sun, 17 Aug 2003 07:10:45 -0700 (PDT) Received: from munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E78043F3F for ; Sun, 17 Aug 2003 07:10:42 -0700 (PDT) (envelope-from munk@munk.nu) Received: from munk by munk.nu with local (Exim 4.20) id 19oOEz-000HcG-C9 for questions@freebsd.org; Sun, 17 Aug 2003 15:10:41 +0100 Date: Sun, 17 Aug 2003 15:10:41 +0100 From: Jez Hancock To: questions@freebsd.org Message-ID: <20030817141041.GA66494@users.munk.nu> Mail-Followup-To: questions@freebsd.org References: <9C413C14-D0A4-11D7-976E-003065A51656@mac.com> <000401c364bb$29e596c0$f4f0a8c0@pcmedx.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000401c364bb$29e596c0$f4f0a8c0@pcmedx.com> User-Agent: Mutt/1.4.1i Sender: User Munk Subject: Re: permission in apache X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Aug 2003 14:10:46 -0000 On Sun, Aug 17, 2003 at 05:29:11AM -0700, Mike Maltese wrote: > This shouldn't have anything to do with UNIX permissions. You'll get this > error (403) if there is no document by the name specified in the > DirectoryIndex directive (defualt is index.html) and the directory does not > have the Indexes option (display directory contents). So either create > index.html in that directory, or add Indexes to the Options for that > directory to view the list of files. These options can be set on a per-vhost > basis. A 403 error would occur if a DirectoryIndex file exists (index.html say) and permissions on that file in the DocumentRoot were such that it can't be accessed by the apache user. Further it could be the case that permissions on the file itself, say /usr/local/www/vhost/index.html, were 755 but still the error occurs. Usually this is because the permissions on a parent directory somewhere up the directory tree are set so that the apache user can't read files under that directory structure. For example /usr/local/www might be set to 750 and owned 'root:wheel' - so the 'other' group (which the apache user falls into) cannot read files under that directory tree. In summary make sure the EUID user apache is running as has access to the DocumentRoot directory as well as the files it needs to access of course. FWIW you can check if the apache user has perms to read somefile.txt by doing: echo "ls -al somefile.txt" | su -fm www as root. -- Jez http://www.munk.nu/