httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] permissions problem
Date Tue, 31 Jan 2006 03:09:51 GMT
On 1/30/06, Dr. Stephen Judd <sjudd@seas.upenn.edu> wrote:
>
>
> On 2006 Jan 30, at 4:01 PM, Joshua Slive wrote:
>
> On 1/30/06, David Salisbury <salisbury@globe.gov> wrote:
>
>
>
>
> [Mon Jan 30 15:54:49 2006] [error] (13)Permission denied: access to
> /radar/data/hi3.html denied
>
>
> I'm not so sure about your "forbidden by rule" assumption.  I believe if
> you were to Deny access to an IP address you get a simple "permission
> denied".
> So I wouldn't discount a configuration problem.. maybe even a hidden
> .htaccess
> guy hanging out.
>
> No, in this case, "permission denied" (errorno=EACCES=13) is what the
> OS is returning when apache tries to open the file.
>
> Try logging in as the user specified in the User/Group directive and
> see if you can access the file.
>
> Joshua.
> The config file says this:
> User apache
> Group apache
> The straightforward way of doing what you ask for does not work:
> [root@database ~]# su apache
> This account is currently not available.
> I don't know exactly what that means or how to get around it,
> but I investigated this much further the other day and found some
> oddities...
>
> I wrote a little script to look into the issue of who the user is:
> <?php
> clearstatcache();
> $yuzer= $_ENV['USER']; $lognm= $_ENV['LOGNAME'];
> print "USER= $yuzer, LOGNAME= $lognm<br/>\n";
> $getperms= fileperms('data') & 0777;
> print "fileperms are: $getperms <br/>\n";
> if ($getperms ==0) print "cannot access<br/>\n";
> ?>
>
> When invoked via the web, it apparently runs as root(!) (not apache?!)
> and gives a message saying that it cannot do a stat:
> USER= root, LOGNAME= root
> fileperms are: 0
> cannot access
>
> When invoked from the command line (in any of several users I tried)
> it works fine and accesses the file. I'm baffled. Is the "root" user
> it purports to be the same as the usual system root user? If so, why
> can it not access a file that everyone else can? If not, then who is it??

USER/LOGNAME are probably inherited from the parent apache process. 
If you create a file in /tmp, you'll probably find it is owned by
apache.

Your problem still sounds very much like SELinux to me.  Are you
absolutely positive you are not running that?  What exact version of
redhat are you running?

If not, check the permissions on every file and directory starting
with the one you are trying to access and going all the way up the
tree.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message