On Sat, Sep 29 2012, Michael Hampicke wrote:
> Am 29.09.2012 23:59, schrieb Allan Gottlieb:
>> On Sat, Sep 29 2012, Allan Gottlieb wrote:
>>> On my new install USERDIR is not working.
>>> When I try http://localhost/~gottlieb, firefox says
>>> "you don't have permission to access /~gottlieb"
>>> and the apache error log says
>>> "client denied by server configuration: /local/allan/gottlieb/public_html"
>>> The file permissions are ok since both
>>> file:///home/gottlieb/public_html/index.html and
>>> work fine.
>>> So I guess I screwed up the apache install, in particular USERDIR.
>>> eix shows userdir (see below)
>>> /etc/conf.d/apache2 has it (see below, diffs = with my working install)
>>> I have restarted apache, shutdown the machine overnight, reinstalled
>>> apache, but still no go.
>>> What step did I foolishly miss?
>> Finally! I have a filesystem mounted on /local for my local files
>> including my home directory /local/allan/gottlieb.
>> I put in a symlink /home -> /local/allan/gottlieb
>> so that programs looking in /home would be happy.
>> I had /etc/passwd say /local/allan/gottlieb since it is the real
>> apache doesn't like this. There is probably an option to let it do this
>> since it has several options on symlinks
>> However I simply changed /etc/passwd to say /home/gottlieb and apache
>> is happy.
> There's an option called FollowSymlinks which you can set per directory
> to allow apache to... yeah, follow symlinks
> Look for FollowSymlinks on http://httpd.apache.org/docs/2.2/mod/core.html
Yes. It was seeing that option that trigger me to believe symlinks
could have been the problem. It was easier to eliminate the one from
the "official home dir" to the "real home dir" than to understand if the
option would help. My lack of confidence was because the place I found
the option, it was turned on.
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Allow from all
<LimitExcept GET POST OPTIONS>
Deny from all
It looked to me that I was the owner and the follower. But as I said it
seemed easier to eliminate the problematic symlink than to figure out
where and when to set the option. Perhaps just changing
SymLinksIfOwnerMatch to FollowSymlinks would have done it.