User Directories On FreeBSD 8.0-RELEASE

--------------enigBE996328B10DD7E0D1AEAD5A
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I am using the non-ports version of Apache. I downloaded 2.2.14 from
http://httpd.apache.org/download.cgi#apache22 just a little while ago. I
compiled, installed, got it running with minimal fuss. The issue is with
my user directories (e.g. $HOME/public_html ). I uncommented the line to
include the userdir conf file in the main configuration and started
apache. I get the "It Works" from 127.0.0.1 (this is purely for local
testing). When I go to 127.0.0.1/~usrname/ I get 403 Forbidden. I've
adjusted some of the settings in the userdir conf (had to adjust the
absolute path as the default is just a symlink to the real dir (FreeBSD
setup, not mine)) and I still get the same message. I returned the
userdir.conf file to it's default settings (except for the path to user
dirs) with no luck. Included below is the default setup that was
installed with Apache (I enabled the settings to install the local
manual and that pulls up just fine, nothing in it points to a solution
to this issue) for the userdir conf file.


AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Order allow,deny
Allow from all


Order deny,allow
Deny from all




Am I just having a case of the stupids here? It has been a few years
since I've managed Apache even for local testing.
--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enigBE996328B10DD7E0D1AEAD5A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLdd5TAAoJEENZQ8DH7rW0XNgH/0GvB6xbAPer9VYjp17I 7lkf
g8Deh9OU80ak9zPM+/xhQxtlEd218a8H53dtN6+wNn8GDOgjojIucsEbdfY0 ul+3
br3w/hjy4NF4hhb1kW7vO9BKltjRzBKa1G/QPgsjLfVo22Dg2zlUcaFdJUaI 7KZB
kKYiIHVGzxnvNpxQnsFyMP2kgVkQ1NXRcH1Ost1MwNmMBmROYxH4A508icWu aVwA
O7nrKvzKoRBiMn3x0qRD9OgDLp3Ls3bo8yaJiTMesklm6np/IYoOgoF2Y/20 JSSB
dkpgi97cJU+lCbYwTzoUmqVdxPOAAxsEg5HfpyRIcKfobfWs++a20l2Fq7OO aAY=
=8Ft1
-----END PGP SIGNATURE-----

--------------enigBE996328B10DD7E0D1AEAD5A--

Re: User Directories On FreeBSD 8.0-RELEASE

--------------------------------------------------
From: "Programmer In Training"
Sent: 12 February, 2010 23:03
To: "Apache Users"
Subject: [users@httpd] User Directories On FreeBSD 8.0-RELEASE



I am using the non-ports version of Apache. I downloaded 2.2.14 from
http://httpd.apache.org/download.cgi#apache22 just a little while ago. I
compiled, installed, got it running with minimal fuss. The issue is with
my user directories (e.g. $HOME/public_html ). I uncommented the line to
include the userdir conf file in the main configuration and started
apache. I get the "It Works" from 127.0.0.1 (this is purely for local
testing). When I go to 127.0.0.1/~usrname/ I get 403 Forbidden. I've
adjusted some of the settings in the userdir conf (had to adjust the
absolute path as the default is just a symlink to the real dir (FreeBSD
setup, not mine)) and I still get the same message. I returned the
userdir.conf file to it's default settings (except for the path to user
dirs) with no luck. Included below is the default setup that was
installed with Apache (I enabled the settings to install the local
manual and that pulls up just fine, nothing in it points to a solution
to this issue) for the userdir conf file.


AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Order allow,deny
Allow from all


Order deny,allow
Deny from all




Am I just having a case of the stupids here? It has been a few years
since I've managed Apache even for local testing.
--
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

------------------------------------------------------------ ----------------------------


Here is my httpd-userdir.conf file:

# Settings for user home directories
#
# Required module: mod_userdir

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
#
UserDir public_html

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#

AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Order allow,deny
Allow from all


Order deny,allow
Deny from all



~
The above works just fine.

However, I need a new router as the one I have has crappy/bugged firmware on it.

Thanks,
Daniel


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: User Directories On FreeBSD 8.0-RELEASE

--------------enig6E1E49FB1129F5ED1B0F45C2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 02/13/10 05:16, Daniel Reinhardt wrote:
> Here is my httpd-userdir.conf file:

> The above works just fine.

Yeah, that is exactly the same as mine.

I went ahead and recompiled Apache, letting mod_userdir be a shared
module to be loaded, thinking that might be at issue. It wasn't and
nothing has changed. I still get 403 Forbidden. the public_html
directory in question has user and group ownership equal to the owner of
the login. Do I need to change that for apache (which is running as
daemon.daemon)?

--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enig6E1E49FB1129F5ED1B0F45C2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLdqOXAAoJEENZQ8DH7rW0JWMIAKz/jgfm68JGdUDBbsTu 2FlY
AIEBU4Hlhviv0aXeTpKU4igwzLIfeTbCDQouKyfxCzWl7GCG1kG+ZwcWSvhE K70O
mUvyswaV8ExFXzVB2ubixUt4F202M1ntjB57FqlvGcseL/NDq/BiHYyTP/FI oNK/
iWH6jyk+6Yh7dZKcTv+mgTyn8qEYHaK+cxpfjRTFk0NOxSeCGoDYmZHeKzik bgfF
6YESxSnsIUWZEhxj9fhHZ4QiTvY9Ssh8eALSQoCCxhc3Aug8dTN+yQN527nX zI4E
fElelfb/wTJgrbuU6XftjvyqrJmKr+P1MvyEIV/LdYSoDeC1JV6tfXb+Nfzg djE=
=s8Hi
-----END PGP SIGNATURE-----

--------------enig6E1E49FB1129F5ED1B0F45C2--

Re: User Directories On FreeBSD 8.0-RELEASE

On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
wrote:
> On 02/13/10 05:16, Daniel Reinhardt wrote:
> I still get 403 Forbidden. the public_html
> directory in question has user and group ownership equal to the owner of
> the login. Do I need to change that for apache (which is running as
> daemon.daemon)?

What does the error log say, and can the apache user read/execute all
the directories from the root directory to the public_html/ ?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: User Directories On FreeBSD 8.0-RELEASE

--------------enigDF3239DD3DA9FCD849A117B0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 02/13/10 08:02, Eric Covener wrote:
> On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
> wrote:
>> On 02/13/10 05:16, Daniel Reinhardt wrote:
>> I still get 403 Forbidden. the public_html
>> directory in question has user and group ownership equal to the owner =
of
>> the login. Do I need to change that for apache (which is running as
>> daemon.daemon)?
>=20
> What does the error log say, and can the apache user read/execute all
> the directories from the root directory to the public_html/ ?
>=20

The error log says:

[Sat Feb 13 08:15:33 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/$USER/public_html/

The httpd-userdir.conf file tells it:



There is nothing in httpd.conf to tell it to look in
/home/$USER/public_html/ (on FreeBSD /home/ is a symlink to /usr/home/)

Is there an option I need to set at compile time for this behavior
(which apparently is standard for FreeBSD)? Or is there another config
option I need to set first?
--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enigDF3239DD3DA9FCD849A117B0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLdrV2AAoJEENZQ8DH7rW0sG0IAISUKwes6AYZyXwqKIps ne5b
gIroS2ZNVntRH0aaW2W/8LEc28T4R+QR4HU9GIeJcBO4sg+HK0xAinvpeSWt Q5o9
0z470aeOLHSEW3wElCNeg98BAuhXza1FdA9DOyGXvWKkON+Hthpu1sIqM6E9 g7E+
bWwik3G1QSgtOBTfAFue7k52gVRgOzIgMQoKsptCqzTcRbEuWDSPE4ih6nnJ d4x8
hcukIcYFxxoZgFHLnb3LWjQK/SgMbZi+BBKHmYgUhbCGLB8Y/wk6BipXCJgG cSkz
HFVWC2K+ocLQN5a7oKr7LiqNe4oZk+06U2FVR7C39hsAWvK/tcf5+aUTC9Pa 9+o=
=eOU5
-----END PGP SIGNATURE-----

--------------enigDF3239DD3DA9FCD849A117B0--

Re: User Directories On FreeBSD 8.0-RELEASE

--------------------------------------------------
From: "Programmer In Training"
Sent: 13 February, 2010 14:21
To:
Subject: Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE



On 02/13/10 08:02, Eric Covener wrote:
> On Sat, Feb 13, 2010 at 8:05 AM, Programmer In Training
> wrote:
>> On 02/13/10 05:16, Daniel Reinhardt wrote:
>> I still get 403 Forbidden. the public_html
>> directory in question has user and group ownership equal to the owner of
>> the login. Do I need to change that for apache (which is running as
>> daemon.daemon)?
>
> What does the error log say, and can the apache user read/execute all
> the directories from the root directory to the public_html/ ?
>

The error log says:

[Sat Feb 13 08:15:33 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/$USER/public_html/

The httpd-userdir.conf file tells it:

------------------------------------------------------------ ----> "/usr/home/*/public_html">

There is nothing in httpd.conf to tell it to look in
/home/$USER/public_html/ (on FreeBSD /home/ is a symlink to /usr/home/)

Is there an option I need to set at compile time for this behavior
(which apparently is standard for FreeBSD)? Or is there another config
option I need to set first?
--
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.

----------------------------------------------------------

Change the indicated line to reflect /home/$user/

I have used FreeBSD, and there is no symlink to APache to /usr/home. In fact, I
do not think that /usr/home even exists unless you create it. The only UNix OS
I have used where /home is any other place is solaris and that's located in
/export/home.

Thanks,
Dan


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: User Directories On FreeBSD 8.0-RELEASE

--------------enig7D8E790EEFC81C82B1616CB1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 02/13/10 14:30, Daniel Reinhardt wrote:
>=20
> Change the indicated line to reflect /home/$user/
>=20
> I have used FreeBSD, and there is no symlink to APache to /usr/home. I=
n
> fact, I do not think that /usr/home even exists unless you create it.=20
> The only UNix OS I have used where /home is any other place is solaris
> and that's located in /export/home.
>=20
> Thanks,
> Dan

[$USER@hostname] pwd
/usr/home/$USER

I don't know what you were doing, but this is how it was AT INSTALL. I
changed absolutely nothing from the default install of FreeBSD. Even a
close and trusted friend of mine (who has been using FreeBSD longer than
I have) says that /usr/home/* is how FreeBSD sets up user directories.

I do have a /home directory, but this is what it looks like:

[$USER@hostname] cd /home/$USER/
[$USER@hostname] ls
10000fonts/ Home.html apu-notes
firefox-bin.core purple.bak/ time-in-between
Desktop/ Home.ics backups/
fromwindows/ signature-files/ wmaker.core
Downloads/ Personas/ bluefish-projects/
private-public-keys/ soffice.bin.core
GNUstep/ Temp/ documents/
public_html/ sound-themes/
[$USER@hostname] pwd
/usr/home/$USER
[$USER@hostname]

So please, don't tell me that /home isn't a symlink to /usr/home (or
that I changed anything during install).

Changed the line, graceful restart:

I'm /still/ getting 403 Forbidden

Logfile tells me:
[Sat Feb 13 14:54:06 2010] [error] [client 127.0.0.1] client denied by
server configuration: /home/janagyjr/public_html/

If asked, I will attach the httpd.conf (appropriately sanitized) with
httpd-userdir.conf and send it off-list to someone. I don't ever recall
having this much problem with Apache before.
--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enig7D8E790EEFC81C82B1616CB1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLdxIBAAoJEENZQ8DH7rW0KlkH+QGW8nNJqh9tIAU5Y6q9 B2of
QGdi6G+gpzDEEfGx8bmDFm2zZ7Nyfm4g4Eh5pLxXEM1vzg34Bku0j4PQsAOa U7OG
g5v4lPEaxUpBn9P1uHkKMu9bzRnSFyA7EE8ZZfKOUlz+YAZrVYlKX9/jjXkB mGCo
2xP/gNzg7prX1pRnqmGKpzhpHhtlQq/hQiziVRaI/i/btu/J1IMjqiyfmRFM B/Mg
UFbnczpgWcYbDn/VDnJpUF/JNxWMrMTTH+BzHBgD1Rstqg+0427gbTmgx8S0 A/oX
o/cPgMOvXpoOprBy8rMXONv+ux4/8+kMp9aeYtSKSCHWmWFmfFYAbas1lJ8l N30=
=yTBt
-----END PGP SIGNATURE-----

--------------enig7D8E790EEFC81C82B1616CB1--

[SOLVED]Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

--------------enigB608451A11EE85655FDE3878
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Just thought I'd let you folks know that this was resolved (I took the
question to the FreeBSD mailing list because I believed it to be a
problem with the OS, turns out it was and it wasn't).

--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enigB608451A11EE85655FDE3878
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLfqn0AAoJEENZQ8DH7rW0jFIH/jVa/UQ3n9fUuGDiz2Di T57l
qCXy7Wg4Pz1LPmTalFwH5kCVbqt9xUimsBryxibXDiPow1IcIy4MwKKSsL62 RMMV
ZoMe2nvhb5eLftGevKn6df/7UtUcPlB3U5Wzxp8cJPRBfD9F9jZlfzv8ix4m KTkh
5MozJVF9HJKEcl+V6THe21MPvzUb7aeBXKxCOFlP7YjQ9Xu75RZR7RtGlbad 6yU2
dfr9kiO1IksgDIWU/mUov4muTt3vtHJXOefg1mhlLCeBXW+sDjcBbj1AB3Po 8JzU
LlOsQjbccrRKkSp55nuVix04OM33gkv2xn2LCNHr8LFI2eo9R6A7IdjClVwf Khs=
=sZOr
-----END PGP SIGNATURE-----

--------------enigB608451A11EE85655FDE3878--

Re: [SOLVED]Re: [users@httpd] User Directories On

On Fri, Feb 19, 2010 at 10:10 AM, Programmer In Training
wrote:
> Just thought I'd let you folks know that this was resolved (I took the
> question to the FreeBSD mailing list because I believed it to be a
> problem with the OS, turns out it was and it wasn't).

Can you share the resolution, for archive/search purposes?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [SOLVED]Re: [users@httpd] User Directories On FreeBSD 8.0-RELEASE

--------------enig55F594BC5D41CE0D6D6F7B87
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 02/19/10 09:11, Eric Covener wrote:
> On Fri, Feb 19, 2010 at 10:10 AM, Programmer In Training
> wrote:
>> Just thought I'd let you folks know that this was resolved (I took the=

>> question to the FreeBSD mailing list because I believed it to be a
>> problem with the OS, turns out it was and it wasn't).
>=20
> Can you share the resolution, for archive/search purposes?
>=20

Yes, despite /home being a symlink to /usr/home on my system, Apache
apparently looks at "the home directory path returned from getpwent() by
default under FreeBSD that's /home/user1/ Nevermind that much of the
time /home is a symlink to /usr/home -- it's the path returned from the
passwd file that apache uses for comparison, long before trying to
resolve any symlinks and open anything on the hard-drive." (quoted from
the user on the FreeBSD list who explained this to me).

Also, making sure SymLinksIfOwnerMatch and FollowSymLinks is in your
conf files in the appropriate places probably won't hurt.

So based on the above I set


Back to


My confusion in solving this problem was with regard to where Apache
first looks for the directory path. Had I known the above I would have
never set it to /usr/home/*/public_html

Thank you all for your help. It was much appreciated.
--=20
Yours In Christ,

PIT
Emails are not formal business letters, whatever businesses may want.


--------------enig55F594BC5D41CE0D6D6F7B87
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJLfq0CAAoJEENZQ8DH7rW0j/IH/1954Bmzve9J8eZAtc1h DVHX
dAWwqM/Sml38uybMD5zK91BfdJXL6Xr/zxnWIvDxnn+iHJZL315nNNEVundK y2Dx
iDXYgpPpTCbYJCV9IF8/iZDCum3w/ZtWN0xOlumgfm9sRDPntNkiAaWmUoAo pmfP
WRlCrFechyhJM70PUWhKLncV2UrZBmnJybQsNgLope3KAldACvQfEv6sQsIq LKTl
f6u+l2U9gr4XVMhJYQQFknXsTDFuiP5V8VoafrIz91JndyLwHXxkww/PW6XL tWKo
DIMQZNzZ4tboKyghEnxf/c8oDp7ulqS2jxidH9MQbnid973ERuxYl5syduDL 7tw=
=4ObV
-----END PGP SIGNATURE-----

--------------enig55F594BC5D41CE0D6D6F7B87--