I lost my hard drive on my little personal webserver that only serves some private files from my userdir. So I am trying to build this from notes on a new Centos7.3 installation (well really Centos7.3-arm, but supposedly same sources).

Right now the server is running on a test subnet, not the production, but I have set up the hostname and my standard httpd edits.

I have enabled userdir and set up my /home/rgm/public_html directory with 711 permissions.

I can display the /home/rgm/public_html/index.html file that only has "Hello World" in it (to prevent anyone from walking my file tree from the root).

But when I try to display the files in a subdir with ipaddr/~rgm/mydir

I get

You don't have permission to access /~rgm/mydir/ on this server.

So obviously I have forgotten something that I did not put into my notes, or something has changed from Centos6.

I have tried both:

<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

which is what the current /etc/httpd/conf.d/userdir.conf has, and what I have in my notes:

<Directory /home/*/public_html>
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

Neither seems to make a difference.

Thank you for your assistance.

Hello Robert,

On Tue, 2016-12-27 at 10:25 -0500, Robert Moskowitz wrote:
> I can display the /home/rgm/public_html/index.html file that only has
> "Hello World" in it (to prevent anyone from walking my file tree from
> the root).

To prevent people walking a directory structure you better disable Options Indexes.

> But when I try to display the files in a subdir with ipaddr/~rgm/mydir
>
> I get
>
> You don't have permission to access /~rgm/mydir/ on this server.

The fact that you see the index page makes me assume SELinux is not the problem. If you do have it enabled you might want to check out the sebooleans that affect apache.

$ getsebool -a | grep http

httpd_enable_homedirs is one of those.

Remember that file access is based on file permissions in combination with file ownership. This means that if apache is neither owner nor group owner of a file, world must have read access for apache to access such files. A 711 permission on a directory is then insufficient. It allows apache to cd to, but not read the directory.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research

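Added example, not part of the thread: a shell check of the point made above that a 711 directory can be entered but not listed by a process that is neither owner nor group owner. It assumes GNU stat and judges only the "other" mode bits; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the web server user is neither
# owner nor group member, so only the "other" mode bits matter. GNU stat.

# other_bits PATH: print the "other" octal digit of PATH's mode.
other_bits() {
    mode=$(stat -L -c '%a' "$1") || return 2
    echo "${mode#"${mode%?}"}"
}

# check_listable BASE RELPATH: walk RELPATH below BASE and print "ok" or the
# first component that blocks traversal (x bit) or listing (r bit on the leaf).
check_listable() {
    cur=${1%/}; o=0
    set -f; old_ifs=$IFS; IFS=/
    set -- $2
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        o=$(other_bits "$cur") || { echo "missing: $cur"; return 2; }
        # Search permission (x, value 1) is needed on every component.
        if [ $((o & 1)) -eq 0 ]; then
            echo "no-search: $cur"; return 1
        fi
    done
    # Read permission (r, value 4) on the final directory is what lets
    # mod_autoindex enumerate its entries; 711 passes the loop but fails here.
    if [ $((o & 4)) -eq 0 ]; then
        echo "no-read: $cur"; return 1
    fi
    echo "ok"
}

# make_demo_tree: build a constructed tree mirroring the thread's layout
# (modes chosen for the demo) and print its base directory.
make_demo_tree() {
    base=$(mktemp -d) || return 2
    mkdir -p "$base/rgm/public_html/mydir/subdir"
    chmod 755 "$base/rgm" "$base/rgm/public_html/mydir/subdir"
    chmod 711 "$base/rgm/public_html"
    chmod 711 "$base/rgm/public_html/mydir"
    echo "$base"
}
```

On a real host the call would be check_listable / home/rgm/public_html/mydir, run for each directory that is expected to show an index.
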
On 12/27/2016 11:48 AM, Leonard den Ottolander wrote:
> Hello Robert,
>
> On Tue, 2016-12-27 at 10:25 -0500, Robert Moskowitz wrote:
>> I can display the /home/rgm/public_html/index.html file that only has
>> "Hello World" in it (to prevent anyone from walking my file tree from
>> the root).
> To prevent people walking a directory structure you better disable
> Options Indexes.

If I tell someone about ~rgm/mydir (really no such dir), then I want them to find ~rgm/mydir/subdir, but not know about ~rgm/otherdir. My understanding (most likely flawed) is that Indexes are needed to see the list of files in mydir, and to be able to walk down to subdir. By having a ~rgm/index.html file, they can't query what other files are directly in the public_html directory.

>
>> But when I try to display the files in a subdir with ipaddr/~rgm/mydir
>>
>> I get
>>
>> You don't have permission to access /~rgm/mydir/ on this server.
> The fact that you see the index page makes me assume SELinux is not the
> problem. If you do have it enabled you might want to check out the
> sebooleans that affect apache.
>
> $ getsebool -a | grep http
>
> httpd_enable_homedirs is one of those.

I ran

setsebool -P httpd_enable_homedirs on
restorecon -Rv /home

And I see:

httpd_enable_homedirs --> on

> Remember that file access is based on file permissions in combination
> with file ownership. This means that if apache is neither owner nor
> group owner of a file world must have read access for apache to access
> such files. A 711 permission on a directory is then insufficient. It
> allows apache to cd to, but not read the directory.

The owner is rgm:rgm, but the permissions are 755, not 711.

So still scratching my head here..