httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dr. Stephen Judd" <sj...@seas.upenn.edu>
Subject Re: [users@httpd] permissions problem
Date Mon, 30 Jan 2006 21:36:00 GMT

On 2006 Jan 30, at 4:01 PM, Joshua Slive wrote:

> On 1/30/06, David Salisbury <salisbury@globe.gov> wrote:
>
>>>>> [Mon Jan 30 15:54:49 2006] [error] (13)Permission denied:  
>>>>> access to
>>>>> /radar/data/hi3.html denied
>
>> I'm not so sure about your "forbidden by rule" assumption.  I  
>> believe if
>> you were to Deny access to an IP address you get a simple  
>> "permission denied".
>> So I wouldn't discount a configuration problem.. maybe even a  
>> hidden .htaccess
>> guy hanging out.
>
> No, in this case, "permission denied" (errorno=EACCES=13) is what the
> OS is returning when apache tries to open the file.
>
> Try logging in as the user specified in the User/Group directive and
> see if you can access the file.
>
> Joshua.

The config file says this:
User apache
Group apache
The straightforward way of doing what you ask for does not work:
[root@database ~]# su apache
This account is currently not available.
I don't know exactly what that means or how to get around it,
but I investigated this much further the other day and found some  
oddities...

I wrote a little script to look into the issue of who the user is:
<?php
clearstatcache();
$yuzer= $_ENV['USER']; $lognm= $_ENV['LOGNAME'];
print "USER= $yuzer, LOGNAME= $lognm<br/>\n";
$getperms= fileperms('data') & 0777;
print "fileperms are: $getperms <br/>\n";
if ($getperms ==0) print "cannot access<br/>\n";
?>

When invoked via the web, it apparently runs as root(!) (not apache?!)
and gives a message saying that it cannot do a stat:
USER= root, LOGNAME= root
fileperms are: 0
cannot access

When invoked from the command line (in any of several users I tried)
it works fine and accesses the file. I'm baffled. Is the "root" user
it purports to be the same as the usual system root user? If so, why
can it not access a file that everyone else can? If not, then who is  
it??
sj




Mime
View raw message