httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Timothy Curchod <timof...@hotmail.com>
Subject RE: [users@httpd] Permission Still Denied with Moodle
Date Thu, 10 Oct 2013 10:17:47 GMT
Hi again,
Here is the result of the command you suggested Yehuda:
netstat -ln | grep 80tcp6       0      0 :::80                   :::*                    LISTEN
    udp6       0      0 :::22880                :::*                               unix  2
     [ ACC ]     STREAM     LISTENING     15965    @/tmp/.ICE-unix/806unix  2      [ ACC ]
    STREAM     LISTENING     15966    /tmp/.ICE-unix/806
And some more info:
/sbin/ifconfigem1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet
192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255        inet6 fe80::211:d8ff:fe26:a1ca
 prefixlen 64  scopeid 0x20<link>        ether 00:11:d8:26:a1:ca  txqueuelen 1000  (Ethernet)
       RX packets 3127  bytes 2155230 (2.0 MiB)        RX errors 0  dropped 0  overruns 0
 frame 0        TX packets 3300  bytes 639943 (624.9 KiB)        TX errors 0  dropped 0 overruns
0  carrier 0  collisions 0        device interrupt 17  
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536        inet 127.0.0.1  netmask 255.0.0.0
       inet6 ::1  prefixlen 128  scopeid 0x10<host>        loop  txqueuelen 0  (Local
Loopback)        RX packets 4  bytes 340 (340.0 B)        RX errors 0  dropped 0  overruns
0  frame 0        TX packets 4  bytes 340 (340.0 B)        TX errors 0  dropped 0 overruns
0  carrier 0  collisions 0
By the way, in the first e-mail, you might have seen the 'all' in the <Directory "/var/www/html">When
I restarted the server, it complained about that, so I commented it out, despite the notes
about it in the file.<Directory "/var/www/html">    Options Indexes FollowSymLinks 
  # AllowOverride controls what directives may be placed in .htaccess files.    # It can be
"All", "None", or any combination of the keywords:    #   Options FileInfo AuthConfig Limit
   #AllowOverride None    #all     Require all granted</Directory>
Regarding the SELinux suspicion, I tried the suggestions in that wiki before my first post.
 That's where I learned the "ls -alZ" command.  I should have put these in that e-mail.  Here
are the results on the pertinent folders:
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 www
drwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 .drwxr-xr-x. root   root
  system_u:object_r:var_t:s0       ..drwxrwxr-x. apache apache system_u:object_r:httpd_sys_script_exec_t:s0
cgi-bindrwxrwxr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 html
-rwxr-xr-x. apache timothy unconfined_u:object_r:user_home_t:s0 index.php
Actually I don't know how to use the "change file SELinux security context" command.  But
as you can see, the html file setting is "httpd_sys_content_t", but the index.php file is
not.  I did try these commands:cp /etc/selinux/config /etc/selinux/config.bakDisable SELinuxsed
-i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/configI thought that would disable
SELinux to rule that out as a problem but it didn't appear to do anything.  Reading a little
bit more about the chcon command I tried it out:
chcon -R --reference=info.php moodle
Then files like the index all have that same httpd_sys_content_t label which is what Yehuda
suggested.  Still, there was no change in the Permission Denied situation.
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
One thing I haven't looked at because I don't understand is the comment at the end of the
http://wiki.apache.org/httpd/13PermissionDenied article.  Maybe someone could translate this
into some concrete steps I could try:"In rare cases, this can be caused by other issues, such
as a file permissions problem elsewhere in your apache2.conf file. For example, a WSGIScriptAlias
directive not mapping to an actual file. The error message may not be accurate about which
file was unreadable."
Something funny is going on with the ip address however.  When I go to localhost, like I said
before, it prints this message:  "Incorrect access detected, this server may be accessed only
through "http://*.*.*.30:80/moodle" address, sorry.  Please notify server administrator. 
This page should automatically redirect. If nothing is happening please use the continue link
below."  The funny part is that the ip address does not end with a 30, but a 50, as Linksys
shows, and Tomcat, working on port 8080 on another box shows.  So why does that message point
to ...30:80/moodle?  Strange.
Any other suggestions would really help,
Thanks in advance,
Timothy.



From: yehuda@ymkatz.net
Date: Wed, 9 Oct 2013 20:03:45 -0400
To: users@httpd.apache.org
Subject: Re: [users@httpd] Permission Still Denied with Moodle

1. For the "http://*my ip*/moodle" problem:
It appears that there are no vhosts at all, so that should not get in the way.I should have
listed this before too: Can you check if apache is listening on all ips?

netstat -ln | grep 80
2. For the localhost problem: I can't shake the feeling that this is SELinux related, since
your permissions look OK.Did you look at this wiki article? I don't want to suggest anything
you already tried.

Did you try changing the SELinux context (I think the correct one should be httpd_sys_content_t)?
- Y

On Wed, Oct 9, 2013 at 7:34 PM, Timothy Curchod <timofeyc@hotmail.com> wrote:





Thanks for the reply Yehuda.  Here is the info you asked about.




ls -l

lrwxrwxrwx.   1 root root     7 Oct  8 17:13 bin -> usr/bin

dr-xr-xr-x.   5 root root  1024 Oct  8 17:31 boot

drwxr-xr-x   19 root root  3440 Oct 10 07:02 dev

drwxr-xr-x. 144 root root 12288 Oct 10 07:02 etc

drwxr-xr-x.   4 root root  4096 Jul  8 17:56 home

lrwxrwxrwx.   1 root root     7 Oct  8 17:13 lib -> usr/lib

lrwxrwxrwx.   1 root root     9 Oct  8 17:13 lib64 -> usr/lib64

drwx------.   2 root root 16384 Jun 28 02:09 lost+found

drwxr-xr-x.   2 root root  4096 Jul  8 17:56 media

drwxr-xr-x.   3 root root  4096 Jul  8 17:56 mnt

drwxr-xr-x.   3 root root  4096 Oct  8 18:42 opt

dr-xr-xr-x  166 root root     0 Oct 10 07:02 proc

dr-xr-x---.   5 root root  4096 Oct  9 22:42 root

drwxr-xr-x   39 root root  1180 Oct 10 07:02 run

lrwxrwxrwx.   1 root root     8 Oct  8 17:13 sbin -> usr/sbin

drwxr-xr-x.   2 root root  4096 Jul  8 17:56 srv

dr-xr-xr-x   13 root root     0 Oct 10 07:02 sys

drwxrwxrwt   13 root root   280 Oct 10 07:03 tmp

drwxr-xr-x.  13 root root  4096 Oct  8 17:13 usr

drwxr-xr-x.  23 root root  4096 Oct  9 12:21 var




Also, moodle requires a data folder which I put in var with 777 permissions:

drwxrwxrwx.  6 root   root   4096 Oct  9 12:55 moodledata




httpd -S

VirtualHost configuration:

ServerRoot: "/etc/httpd"

Main DocumentRoot: "/var/www/html"

Main ErrorLog: "/etc/httpd/logs/error_log"

Mutex proxy: using_defaults

Mutex authn-socache: using_defaults

Mutex default: dir="/run/httpd/" mechanism=default 

Mutex mpm-accept: using_defaults

Mutex authdigest-opaque: using_defaults

Mutex proxy-balancer-shm: using_defaults

Mutex rewrite-map: using_defaults

Mutex authdigest-client: using_defaults

PidFile: "/run/httpd/httpd.pid"

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

User: name="apache" id=48 not_used

Group: name="apache" id=48 not_used




I have a Linksys router which has settings as such:

Start    End    Protocol    IP Address

80     80     both         192.168.1.100

8080    8080     both        192.168.1.126  <-- used with Tomcat which runs fine on another
box.




This is in the httpd.config file:




#

# Listen: Allows you to bind Apache to specific IP addresses and/or

# ports, instead of the default. See also the <VirtualHost>

# directive.

#

# Change this to Listen on specific IP addresses as shown below to 

# prevent Apache from glomming onto all bound IP addresses.

#

#Listen 12.34.56.78:80

Listen 80




What am I doing wrong?  Notice that info.php is in the documents directory and I can access
it fine.

-rw-r--r--.  1 apache root     20 Oct  9 11:32 info.php

I tried to create the page as my regular user, but was unable to save in that directory, so
I ended up creating it as root. How am I going to be able to work on Moodle development if
I can’t modify files in the www/html folder as a regular user?  This is a development server
with one user, myself.  Should I make all the files match the permissions on info.php and
do all my work as root?




Thanks for any help,



Timothy.



From: yehuda@ymkatz.net
Date: Wed, 9 Oct 2013 12:18:56 -0400
To: users@httpd.apache.org


Subject: Re: [users@httpd] Permission Still Denied with Moodle



"AH00035: access to /moodle/ denied (filesystem path '/var/www/html/moodle') because search
permissions are missing on a component of the path"

This implies that the x permission is missing. You posted for every directory except /var
. What are its permissions?I have no idea if selinux could get in the way or if setenforce
0 really gets rid of it.




Incorrect access detected, this server may be accessed only through "http://*my ip*/moodle"
address, sorry.  Please notify server administrator.



Does Moodle modify the default 403 error page? That is probably what this is.




If I use http://*my ip*/moodle or http://*my ip*:80/moodle I get this error:
Oops! Google Chrome could not connect to *my ip*Is apache set to listen to an IP besides 127.0.0.1?Run
httpd -S for the list of active vhosts.




- Y

On Wed, Oct 9, 2013 at 4:19 AM, Timothy Curchod <timofeyc@hotmail.com> wrote:








Hi,
I've tried a few times to setup moodle on LAMP but failed each time with the following errors:
If I use localhost/moodle, I get this error:




Incorrect access detected, this server may be accessed only through "http://*my ip*/moodle"
address, sorry.  Please notify server administrator.
If I use http://*my ip*/moodle or http://*my ip*:80/moodle I get this error:




Oops! Google Chrome could not connect to *my ip*
If I look in the /etc/httpd/logs/error_log I see:
[Wed Oct 09 14:59:46.240266 2013] [core:error] [pid 2279] (13)Permission denied: [client 127.0.0.1:43084]
AH00035: access to /moodle/ denied (filesystem path '/var/www/html/moodle') because search
permissions are missing on a component of the path




The wiki says this is an error 13 which indicates a filesystem permissions problem but I can't
see where.  I've looked at a lot of questions relating to permission problems that people
have had and it all seems to show that I have things set up correctly, or have tried the things
that should work.  




/etc/httpd/conf/httpd.conf contains...User apacheGroup apache...<Directory />    AllowOverride
none



    Require all denied</Directory>...<Directory "/var/www">    AllowOverride None
   # Allow open access:    Require all granted



</Directory>...<Directory "/var/www/html">    Options Indexes FollowSymLinks 
  #AllowOverride None    all     Require all granted



</Directory>
My directory permissions are:
drwxrwxr-x.  4 apache apache 4096 Oct  9 08:23 www
drwxrwxr-x. 2 apache apache 4096 Jul 31 15:50 cgi-bin



drwxrwxr-x. 3 apache apache 4096 Oct  9 14:07 html
-rw-r--r--.  1 apache root     20 Oct  9 11:32 info.phpdrwxr-xr-x. 44 apache apache 4096 Oct
 9 14:18 moodle




-rw-r-----.  1 apache apache    690 Oct  9 14:18 config.php-rwxr-xr-x.  1 apache timothy 35147
Oct  4 11:43 COPYING.txtdrwxr-xr-x.  7 apache timothy  4096 Oct  9 14:06 course-rwxr-xr-x.
 1 apache timothy  2594 Oct  4 11:43 draftfile.php



drwxr-xr-x. 17 apache timothy  4096 Oct  9 14:06 enroldrwxr-xr-x.  2 apache timothy  4096
Oct  9 14:06 error-rwxr-xr-x.  1 apache timothy  3923 Oct  4 11:43 file.phpdrwxr-xr-x.  3
apache timothy  4096 Oct  9 14:06 files



drwxr-xr-x. 14 apache timothy  4096 Oct  9 14:06 filter-rwxr-xr-x.  1 apache timothy   953
Oct  4 15:14 githash.phpdrwxr-xr-x.  8 apache timothy  4096 Oct  9 14:06 gradedrwxr-xr-x.
 3 apache timothy  4096 Oct  9 14:06 group



-rwxr-xr-x.  1 apache timothy  1423 Oct  4 11:43 help_ajax.php-rwxr-xr-x.  1 apache timothy
 1761 Oct  4 11:43 help.php-rwxr-xr-x.  1 apache timothy 13203 Oct  4 11:43 index.php




* tried setenforce 0.  The ls -alZ command returns 
-rwxr-xr-x. apache timothy unconfined_u:object_r:user_home_t:s0 index.php
* tried chown -R root on all files as well.



* ran the moodle setup script as such: # sudo -u apache /usr/bin/php install.php
I am using the following setup:Fedora 19Apache 2.4.6PHP 5.5.4moodle 2.5



MariaDB 5.5.32
Since the Moodle docs indicate this is a permissions problem with apache, I thought I should
ask here first.  Any suggestions or solutions would be much welcomed.




Thanks,
Timothy Curchod. 		 	   		  

 		 	   		  

 		 	   		  
Mime
View raw message