On my new install USERDIR is not working.

When I try http://localhost/~gottlieb, firefox says
"you don't have permission to access /~gottlieb"
and the apache error log says
"client denied by server configuration: /local/allan/gottlieb/public_html"

The file permissions are ok since both
file:///home/gottlieb/public_html/index.html and
file:///home/gottlieb/public_html
work fine.

So I guess I screwed up the apache install, in particular USERDIR.

eix shows userdir (see below)

/etc/conf.d/apache2 has it (see below, diffs = with my working install)

I have restarted apache, shutdown the machine overnight, reinstalled
apache, but still no go.

What step did I foolishly miss?

thanks,
allan

================================================== ==============

newlap gottlieb # eix -e apache
[i] www-servers/apache
Available versions: (2) 2.2.22-r1 [M](~)2.4.2
{{debug doc ldap selinux ssl static suexec threads APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dumpio env expires ext_filter file_cache filter headers ident imagemap include info log_config log_forensic logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi reqtimeout rewrite setenvif speling status substitute unique_id userdir usertrack version vhost_alias" APACHE2_MPMS="event itk peruser prefork worker"}}
Installed versions: 2.2.22-r1(2)(10:23:21 PM 09/28/2012)(ldap ssl -debug -doc -selinux -static -suexec -threads APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http -proxy_scgi -reqtimeout -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker")
Homepage: http://httpd.apache.org/
Description: The Apache Web Server.


newlap gottlieb # cat /etc/conf.d/apache2
# /etc/conf.d/apache2: config file for /etc/init.d/apache2

# ajg: Added support for USERDIR, i.e., ~/public_html

# When you install a module it is easy to activate or deactivate the modules
# and other features of apache using the APACHE2_OPTS line. Every module should
# install a configuration in /etc/apache2/modules.d. In that file will be an
# <IfDefine NNN> directive where NNN is the option to enable that module.
#
# Here are the options available in the default configuration:
#
# AUTH_DIGEST Enables mod_auth_digest
# AUTHNZ_LDAP Enables authentication through mod_ldap (available if USE=ldap)
# CACHE Enables mod_cache
# DAV Enables mod_dav
# ERRORDOCS Enables default error documents for many languages.
# INFO Enables mod_info, a useful module for debugging
# LANGUAGE Enables content-negotiation based on language and charset.
# LDAP Enables mod_ldap (available if USE=ldap)
# MANUAL Enables /manual/ to be the apache manual (available if USE=docs)
# MEM_CACHE Enables default configuration mod_mem_cache
# PROXY Enables mod_proxy
# SSL Enables SSL (available if USE=ssl)
# STATUS Enabled mod_status, a useful module for statistics
# SUEXEC Enables running CGI scripts (in USERDIR) through suexec.
# USERDIR Enables /~username mapping to /home/username/public_html
#
#
# The following two options provide the default virtual host for the HTTP and
# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
# will not listen for incomming connections on the approriate port.
#
# DEFAULT_VHOST Enables name-based virtual hosts, with the default
# virtual host being in /var/www/localhost/htdocs
# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this
# when you enable SSL)
#
APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"

# Extended options for advanced uses of Apache ONLY
# You don't need to edit these unless you are doing crazy Apache stuff
# As not having them set correctly, or feeding in an incorrect configuration
# via them will result in Apache failing to start
# YOU HAVE BEEN WARNED.

# PID file
#PIDFILE=/var/run/apache2.pid

# timeout for startup/shutdown checks
#TIMEOUT=10

# ServerRoot setting
#SERVERROOT=/usr/lib64/apache2

# Configuration file location
# - If this does NOT start with a '/', then it is treated relative to
# $SERVERROOT by Apache
#CONFIGFILE=/etc/apache2/httpd.conf

# Location to log startup errors to
# They are normally dumped to your terminal.
#STARTUPERRORLOG="/var/log/apache2/startuperror.log"

# A command that outputs a formatted text version of the HTML at the URL
# of the command line. Designed for lynx, however other programs may work.
#LYNX="lynx -dump"

# The URL to your server's mod_status status page.
# Required for status and fullstatus
#STATUSURL="http://localhost/server-status"

# Method to use when reloading the server
# Valid options are 'restart' and 'graceful'
# See http://httpd.apache.org/docs/2.2/stopping.html for information on
# what they do and how they differ.
#RELOAD_TYPE="graceful"
newlap gottlieb #

Am 29.09.2012 17:08, schrieb Allan Gottlieb:
> On my new install USERDIR is not working.
>
> When I try http://localhost/~gottlieb, firefox says
> "you don't have permission to access /~gottlieb"
> and the apache error log says
> "client denied by server configuration: /local/allan/gottlieb/public_html"
>
> The file permissions are ok since both
> file:///home/gottlieb/public_html/index.html and
> file:///home/gottlieb/public_html
> work fine.
>

I am sure your user has access to the files - thus allowing you to
browse them locally (file:///) - but does apache (more precisely the
systems user 'apache') have access to this files?

Have you tried this:

# sudu -u apache cat /home/gottlieb/public_html/index.html

On Sat, Sep 29 2012, Michael Hampicke wrote:

> Am 29.09.2012 17:08, schrieb Allan Gottlieb:
>> On my new install USERDIR is not working.
>>
>> When I try http://localhost/~gottlieb, firefox says
>> "you don't have permission to access /~gottlieb"
>> and the apache error log says
>> "client denied by server configuration: /local/allan/gottlieb/public_html"
>>
>> The file permissions are ok since both
>> file:///home/gottlieb/public_html/index.html and
>> file:///home/gottlieb/public_html
>> work fine.
>>
>
> I am sure your user has access to the files - thus allowing you to
> browse them locally (file:///) - but does apache (more precisely the
> systems user 'apache') have access to this files?
>
> Have you tried this:
>
> # sudu -u apache cat /home/gottlieb/public_html/index.html

I just did and the file appears on the screen.
Also I checked the permissions of
/ /home /home/gottlieb /home/gottlieb and /home/gottlieb/public_html

newlap local # ls -ld / /home /home/gottlieb
drwxr-xr-x 23 root root 4096 Sep 27 23:47 /
drwxr-xr-x 2 root root 4096 Sep 24 13:58 /home
lrwxrwxrwx 1 root root 21 Sep 24 13:58 /home/gottlieb -> /local/allan/gottlieb
newlap local # ls -ld /local/allan/gottlieb /local/allan/gottlieb/public_html/
drwxr-xr-x 41 gottlieb gottlieb 4096 Sep 29 12:42 /local/allan/gottlieb
drwxr-xr-x 23 gottlieb gottlieb 4096 Sep 24 14:29 /local/allan/gottlieb/public_html/
newlap local #

I'm still looking. Let me know if you think of something else.

thanks,
allan

On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:

> When I try http://localhost/~gottlieb, firefox says
> "you don't have permission to access /~gottlieb"
> and the apache error log says
> "client denied by server
> configuration: /local/allan/gottlieb/public_html"
>
> The file permissions are ok since both
> file:///home/gottlieb/public_html/index.html and
> file:///home/gottlieb/public_html
> work fine.

It's not file permissions, the error message says "server configuration",
probably some Allow/Deny magic.


--
Neil Bothwick

Why is the word abbreviation so long?

Am 29.09.2012 19:52, schrieb Neil Bothwick:
> On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:
>
>> When I try http://localhost/~gottlieb, firefox says
>> "you don't have permission to access /~gottlieb"
>> and the apache error log says
>> "client denied by server
>> configuration: /local/allan/gottlieb/public_html"
>>
>> The file permissions are ok since both
>> file:///home/gottlieb/public_html/index.html and
>> file:///home/gottlieb/public_html
>> work fine.
>
> It's not file permissions, the error message says "server configuration",
> probably some Allow/Deny magic.
>
>

Yeah, now I see it:

"client denied by server configuration:"

/local/allan/gottlieb/public_html

The file permissions are ok since both
file:///home/gottlieb/public_html/index.html

So there's /local/allan vs /home/gottlieb

If you correct the DocumentRoot it will work

On Sat, Sep 29 2012, Michael Hampicke wrote:

> Am 29.09.2012 19:52, schrieb Neil Bothwick:
>> On Sat, 29 Sep 2012 11:08:41 -0400, Allan Gottlieb wrote:
>>
>>> When I try http://localhost/~gottlieb, firefox says
>>> "you don't have permission to access /~gottlieb"
>>> and the apache error log says
>>> "client denied by server
>>> configuration: /local/allan/gottlieb/public_html"
>>>
>>> The file permissions are ok since both
>>> file:///home/gottlieb/public_html/index.html and
>>> file:///home/gottlieb/public_html
>>> work fine.
>>
>> It's not file permissions, the error message says "server configuration",
>> probably some Allow/Deny magic.
>>
>>
>
> Yeah, now I see it:
>
> "client denied by server configuration:"
>
> /local/allan/gottlieb/public_html
>
> The file permissions are ok since both
> file:///home/gottlieb/public_html/index.html
>
> So there's /local/allan vs /home/gottlieb
>
> If you correct the DocumentRoot it will work

I don't understand what is wrong with DocumentRoot. It is unchanged at
/var/www/localhost/htdocs and accessing http://localhost works fine.

/etc/conf.d/apache says
# USERDIR Enables /~username mapping to /home/username/public_html

So /~gottlieb --> /home/gottlieb/public_html

/home/gottlieb -> /local/allan/gottlieb

and all directories in both paths have permissions >= 555

I know a symlink /home/gottlieb -> /local/allan/gottlieb is OK
for apache since my current install has

/home/gottlieb -> /allan/gottlieb /allan -> /local/allan
and everything works.

I agree with neil that it is probably allow/deny, but I don't see any
differences between my old and new (both are pretty much stock).
The new is essentially unchanged from the emerged package (added USERDIR
to /etc/conf.d/apache2) and I have diff'ed old with new and they seem the
same. There must be some place I haven't looked.

I appreciate all the effort.
allan gottlieb