On 12/28/2016 01:43 AM, John Fawcett wrote:
> On 12/28/2016 01:12 AM, Robert Moskowitz wrote:
>>
>> On 12/27/2016 07:06 PM, John Fawcett wrote:
>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote:
>>>> On 12/27/2016 05:44 PM, John Fawcett wrote:
>>>>> That error should be caused by having MultiViews options but incorrect
>>>>> permissions (711 instead of 755) on the directory.
>>>> I just did chmod -R 755 /home/rgm/public_html and no change in
>>>> behavior.
>>>>
>>>> Even tried chmod -R 755 /home/rgm
>>> Are you actually using MultiViews? If you don't need that option, maybe
>>> the easiest thing is to take it out and see if the error message
>>> changes.
>> I am using the default conf file for userdir.
>>
>> /etc/httpd/conf.d/userdir.conf
>>
>> So I deleted Multiviews and now the error is:
>>
>> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138]
>> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't
>> open directory for index: /home/rgm/public_html/family/
>>
>>
>> ____
> I know this is not going to help, but that error means that apache does
> not have access to read the directory /home/rgm/public_html/family/.
> That doesn't really fit with the rest of the evidence, that you have
> chmod 755 everything from /home/rgm/public_html downwards and that
> apache can read specific files from /home/rgm/public_html.
> John
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Here is a small test program that you can use to check the permissions.

You can compile it with:

cc -o test test.c

then run it with:

./test apache /home/rgm/public_html/family/

where apache is the name of the user that your web server runs under (check it with ps -ef | grep http). You should run it as root (or from sudo).
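John

------test.c-------

#include <pwd.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <dirent.h>

/*
 * Check whether a given account can open a directory.
 *
 * Usage: ./test username directory   (must be started as root)
 *
 * The program looks up `username`, switches the process to that account's
 * supplementary groups, GID and UID, confirms that root cannot be regained,
 * and then calls opendir() on `directory`. It exits with EXIT_SUCCESS only
 * if the directory could be opened.
 *
 * Scope of the check: only the ordinary owner/group/mode permission checks
 * (including search permission on every parent directory in the path) are
 * exercised. The process keeps the security context it was started with, so
 * a mandatory access control layer such as SELinux can still deny the web
 * server even when this program reports success.
 */
int
main(int argc, char *argv[])
{
    struct passwd pwd;
    struct passwd *result;
    char *buf;
    size_t bufsize;
    long pwsize;
    int s;
    DIR *d;

    if (argc != 3) {
        fprintf(stderr, "Usage: %s username directory\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    /*
     * sysconf() returns a long and uses -1 for "indeterminate"; test the
     * signed value before converting it to size_t.
     */
    pwsize = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (pwsize <= 0)            /* Value was indeterminate */
        bufsize = 16384;        /* Should be more than enough */
    else
        bufsize = (size_t) pwsize;

    buf = malloc(bufsize);
    if (buf == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }

    /* getpwnam_r() returns the error number directly, not through errno */
    s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result);
    if (result == NULL) {
        if (s == 0)
            printf("Not found\n");
        else {
            errno = s;
            perror("getpwnam_r");
        }
        exit(EXIT_FAILURE);
    }

    printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos,
           (long) pwd.pw_uid, (long) pwd.pw_gid);

    /* process is running as root, drop privileges */

    if (getuid() == 0) {
        /*
         * Replace root's supplementary groups with the target account's
         * before changing GID/UID. Without this the process keeps root's
         * group list, so the directory test would not reflect what the
         * target account can really access.
         */
        if (initgroups(pwd.pw_name, pwd.pw_gid) != 0) {
            perror("initgroups: Unable to set supplementary groups");
            exit(EXIT_FAILURE);
        }
        /* the group must be changed while the process is still root */
        if (setgid(pwd.pw_gid) != 0) {
            perror("setgid: Unable to drop group privileges");
            exit(EXIT_FAILURE);
        }
        if (setuid(pwd.pw_uid) != 0) {
            perror("setuid: Unable to drop user privileges");
            exit(EXIT_FAILURE);
        }
        printf("dropped privileges\n");
    } else {
        errno = ENOTSUP;
        /* no trailing newline: perror() appends ": <error text>\n" itself */
        perror("process is not running as root cannot change user");
        exit(EXIT_FAILURE);
    }

    /* check privileges really dropped */

    if (setuid(0) != -1) {
        errno = ENOTSUP;
        perror("ERROR: Managed to regain root privileges");
        exit(EXIT_FAILURE);
    }

    /* open directory */

    /*
     * Announce the attempt before making it, so that no stdio call sits
     * between opendir() and perror() and can overwrite errno.
     */
    printf("Attempting to open directory %s\n", argv[2]);
    d = opendir(argv[2]);
    if (d == NULL) {
        perror("Error opening directory");
        exit(EXIT_FAILURE);
    }
    printf("Success opening directory %s\n", argv[2]);

    closedir(d);
    free(buf);
    exit(EXIT_SUCCESS);
}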
On 12/27/2016 08:20 PM, John Fawcett wrote:> On 12/28/2016 01:43 AM, John Fawcett wrote: >> On 12/28/2016 01:12 AM, Robert Moskowitz wrote: >>> On 12/27/2016 07:06 PM, John Fawcett wrote: >>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote: >>>>> On 12/27/2016 05:44 PM, John Fawcett wrote: >>>>>> That error should be caused by having MultiViews options but incorrect >>>>>> permissions (711 instead of 755) on the directory. >>>>> I just did chmod -R 755 /home/rgm/public_html and no change in >>>>> behavior. >>>>> >>>>> Even tried chmod -R 755 /home/rgm >>>> Are you actually using MultiViews? If you don't need that option, maybe >>>> the easiest thing is to take it out and see if the error message >>>> changes. >>> I am using the default conf file for userdir. >>> >>> /etc/httpd/conf.d/userdir.conf >>> >>> So I deleted Multiviews and now the error is: >>> >>> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138] >>> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't >>> open directory for index: /home/rgm/public_html/family/ >>> >>> >>> ____ >> I know this is not going to help, but that error means that apache does >> not have access to read the directory /home/rgm/public_html/family/. >> That doesn't really fit with the rest of the evidence, that you have >> chmod 755 everything from /home/rgm/public_html downwards and that >> apache can read specific files from /home/rgm/public_html. >> John >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > Here is a small test program that you can use to check the permissions. > > You can compile it with: > > cc -o test test.cThis is on Centos7-arm, so I will have to install all the build stuff, and hopefully won't take too long to compile.... 
Tomorrow most likely.> > then run it with: > > ./test apache /home/rgm/public_html/family/ > > where apache is the name of the user that your web server runs under > (check it with ps -ef | grep http). You should run it as root (or from > sudo). > > John > > ------test.c------- > > #include <pwd.h> > #include <stdio.h> > #include <stdlib.h> > #include <unistd.h> > #include <errno.h> > #include <sys/types.h> > #include <dirent.h> > > int > main(int argc, char *argv[]) > { > struct passwd pwd; > struct passwd *result; > char *buf; > size_t bufsize; > int s; > > if (argc != 3) { > fprintf(stderr, "Usage: %s username directory\n", argv[0]); > exit(EXIT_FAILURE); > } > > bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); > if (bufsize == -1) /* Value was indeterminate */ > bufsize = 16384; /* Should be more than enough */ > > buf = malloc(bufsize); > if (buf == NULL) { > perror("malloc"); > exit(EXIT_FAILURE); > } > > s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result); > if (result == NULL) { > if (s == 0) > printf("Not found\n"); > else { > errno = s; > perror("getpwnam_r"); > } > exit(EXIT_FAILURE); > } > > printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos, (long) > pwd.pw_uid, (long) pwd.pw_gid); > > /* process is running as root, drop privileges */ > > if (getuid() == 0) { > if (setgid(pwd.pw_gid) != 0) { > perror("setgid: Unable to drop group privileges"); > exit(EXIT_FAILURE); > } > if (setuid(pwd.pw_uid) != 0) { > perror("setuid: Unable to drop user privileges"); > exit(EXIT_FAILURE); > } > printf("dropped privileges\n"); > } else { > errno = ENOTSUP; > perror("process is not running as root cannot change user\n"); > exit(EXIT_FAILURE); > } > > /* check privileges really dropped */ > > if (setuid(0) != -1) { > errno = ENOTSUP; > perror("ERROR: Managed to regain root privileges"); > exit(EXIT_FAILURE); > } > > /* open directory */ > > DIR * d; > d = opendir(argv[2]); > printf("Attempting to open directory %s\n",argv[2]); > if (d == NULL) { > perror("Error opening 
directory"); > exit(EXIT_FAILURE); > } else { > printf("Success opening directory %s\n",argv[2]); > } > exit(EXIT_SUCCESS); > } > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
On 12/28/2016 04:16 AM, Robert Moskowitz wrote:> > > On 12/27/2016 08:20 PM, John Fawcett wrote: >> On 12/28/2016 01:43 AM, John Fawcett wrote: >>> On 12/28/2016 01:12 AM, Robert Moskowitz wrote: >>>> On 12/27/2016 07:06 PM, John Fawcett wrote: >>>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote: >>>>>> On 12/27/2016 05:44 PM, John Fawcett wrote: >>>>>>> That error should be caused by having MultiViews options but >>>>>>> incorrect >>>>>>> permissions (711 instead of 755) on the directory. >>>>>> I just did chmod -R 755 /home/rgm/public_html and no change in >>>>>> behavior. >>>>>> >>>>>> Even tried chmod -R 755 /home/rgm >>>>> Are you actually using MultiViews? If you don't need that option, >>>>> maybe >>>>> the easiest thing is to take it out and see if the error message >>>>> changes. >>>> I am using the default conf file for userdir. >>>> >>>> /etc/httpd/conf.d/userdir.conf >>>> >>>> So I deleted Multiviews and now the error is: >>>> >>>> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138] >>>> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't >>>> open directory for index: /home/rgm/public_html/family/ >>>> >>>> >>>> ____ >>> I know this is not going to help, but that error means that apache does >>> not have access to read the directory /home/rgm/public_html/family/. >>> That doesn't really fit with the rest of the evidence, that you have >>> chmod 755 everything from /home/rgm/public_html downwards and that >>> apache can read specific files from /home/rgm/public_html. >>> John >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> https://lists.centos.org/mailman/listinfo/centos >> Here is a small test program that you can use to check the permissions. >> >> You can compile it with: >> >> cc -o test test.c > > This is on Centos7-arm, so I will have to install all the build stuff, > and hopefully won't take too long to compile.... > > Tomorrow most likely. 
> > > >> >> then run it with: >> >> ./test apache /home/rgm/public_html/family/ >> >> where apache is the name of the user that your web server runs under >> (check it with ps -ef | grep http). You should run it as root (or from >> sudo). >> >> John >> >> ------test.c------- >> >> #include <pwd.h> >> #include <stdio.h> >> #include <stdlib.h> >> #include <unistd.h> >> #include <errno.h> >> #include <sys/types.h> >> #include <dirent.h> >> >> int >> main(int argc, char *argv[]) >> { >> struct passwd pwd; >> struct passwd *result; >> char *buf; >> size_t bufsize; >> int s; >> >> if (argc != 3) { >> fprintf(stderr, "Usage: %s username directory\n", argv[0]); >> exit(EXIT_FAILURE); >> } >> >> bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); >> if (bufsize == -1) /* Value was indeterminate */ >> bufsize = 16384; /* Should be more than enough */ >> >> buf = malloc(bufsize); >> if (buf == NULL) { >> perror("malloc"); >> exit(EXIT_FAILURE); >> } >> >> s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result); >> if (result == NULL) { >> if (s == 0) >> printf("Not found\n"); >> else { >> errno = s; >> perror("getpwnam_r"); >> } >> exit(EXIT_FAILURE); >> } >> >> printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos, (long) >> pwd.pw_uid, (long) pwd.pw_gid); >> >> /* process is running as root, drop privileges */ >> >> if (getuid() == 0) { >> if (setgid(pwd.pw_gid) != 0) { >> perror("setgid: Unable to drop group privileges"); >> exit(EXIT_FAILURE); >> } >> if (setuid(pwd.pw_uid) != 0) { >> perror("setuid: Unable to drop user privileges"); >> exit(EXIT_FAILURE); >> } >> printf("dropped privileges\n"); >> } else { >> errno = ENOTSUP; >> perror("process is not running as root cannot change user\n"); >> exit(EXIT_FAILURE); >> } >> >> /* check privileges really dropped */ >> >> if (setuid(0) != -1) { >> errno = ENOTSUP; >> perror("ERROR: Managed to regain root privileges"); >> exit(EXIT_FAILURE); >> } >> >> /* open directory */ >> >> DIR * d; >> d = opendir(argv[2]); >> printf("Attempting to open 
directory %s\n",argv[2]); >> if (d == NULL) { >> perror("Error opening directory"); >> exit(EXIT_FAILURE); >> } else { >> printf("Success opening directory %s\n",argv[2]); >> } >> exit(EXIT_SUCCESS); >> } >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centosI'm not sure if it is worth installing a build system just for this unless you need it for other stuff. Maybe other lines of investigation will bring up something. John