Setup User Directory to Host web page(still tinkering....)

[paCkeTroUTer]

First of all I should thank the people behind mandrakeusers.org for creating this community. I have been searching around for a place to discuss my issues without success. Atlast I truned to Mandrake home page and there you go.... I am here with my first Mandrake question.

 

To go ahead with my question, I shall give a brief introduction about myself, on what I know and what I don't know.

 

I am a web developer, mainly developing with php/mysql for the last year. My development was completely on Micro$oft, but now I am trying to completly switch over to Linux and have choosen Mandrake over Redhat simply because of the GUI being better than RedHat.

 

ok going on to my question, I am trying to configure my user account to run apache/php/mysql/progresql through my user account.

 

Right now I can put stuff in /var/www/html and I can access them via http://localhost

 

What I am trying to do is be able to put my contents into my home directory /home/jeffery/public_html and access it via http://localhost/~jeffery <-- being my username on the machine

 

I have used Drake Wizard from Control Panel and configured my Web Server for this purpose. Then I created a folder named public_html in my home directory /home/jeffery/public_html I have then put a php file in that folder and tried to access it via http://localhost/~jeffery/phpinfo.php but all I get is:

Forbidden

 

You don't have permission to access /~jeffery/index.htm on this server.

 

I check my log file in /var/log/httpd and here is the last line:

[Thu Oct 02 23:36:35 2003] [error] [client 127.0.0.1] (13)Permission denied: access to /~jeffery/phpinfo.php denied

 

The config file under /etc/httpd/conf/commonhttpd.conf reads like this:

### Common server configuration

#

User apache

Group apache

 

#

# ServerAdmin: Your address, where problems with the server should be

# e-mailed.  This address appears on some server-generated pages, such

# as error documents.

#

ServerAdmin root@localhost

 

# DocumentRoot: The directory out of which you will serve your

# documents. By default, all requests are taken from this directory, but

# symbolic links and aliases may be used to point to other locations.

# DO NOT MODIFY THIS ONE, USE httpd.conf and httpd-perl.conf

#DocumentRoot /var/www/html

 

 

#

# Each directory to which Apache has access, can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of

# permissions.

#

# Also, for security, we disable indexes globally

#

#<Directory />

#    Options -Indexes FollowSymLinks

#    AllowOverride None

#</Directory>

 

#Restricted set of options

<Directory />

  Options -All -Multiviews

  AllowOverride None

  <IfModule mod_access.c>

    Order deny,allow

    Allow from all

  </IfModule>

</Directory>

 

 

#

# Note that from this point forward you must specifically allow

# particular features to be enabled - so if something's not working as

# you might expect, make sure that you have specifically enabled it

# below.

#

 

 

#

# UserDir: The name of the directory which is appended onto a user's home

# directory if a ~user request is received.

#

<IfModule mod_userdir.c>

    UserDir public_html

</IfModule>

 

Thats not all of it... I just pasted the first few configuration options thinking my configuration might be wrong in one of them. Or perhaps I have to change some user permissions for the folder/files/group etc in my home directory ?

 

If anyone have any experience in this area, your help would be much appreciated. Thanks

 

Jeffery

[Gowator]

Well welcome to Mandrake users!

 

I see what your trying to do and why but you might want to reconsider.

There are a few security implications etc. BUT its up to you.

 

As usual, this is linux so there are 1001 ways.

 

One way is just to make a symbolic link from /var/www/html/jeffery to /home/jeffery/public_html

 

IF you do this you need to enable follow_symlink is your httpd.conf

You also need to make the directories readable by the apache user.

 

You can either blatently set them completely open for reading and executing FOR WORLD or add apache group to your groups.

The second is slightly better but security wise there isn't much in it!

If you were to be hacked its as lickly to be via apache user as anything else!

 

 

You could also use the apache include directive for the directory

see http://httpd.apache.org/docs/mod/core.html#include

 

Again you get the permissions thing!

 

OR:

You can reverse the process.... unless your trying to save space on /var ???

 

Why not move public_html to

/var/www/html/jeffery

 

then set a symlink in your home directory to this called public_html

ln -s /var/www/html/jeffery public_html

(If that gives you an error try

ln -s public_html /var/www/html/jeffery )

 

again you need to work out how to handle the permissions....

 

Let us know what you prefer.....

Im sure this will be sorted out ...:D

[paCkeTroUTer]

ok I'll take you advise on putting all the web stuff into a folder(by my name) into /var/www/html

 

I beleive that means I have to create a folder jeffery in /var/www/html/jeffery and put all the web contents in that folder and keep /home/jeffery/public_html empty ?

 

What permissions do I set to the folder ? Also the folder would have user as jeffery and group jeffery as well ?

 

could you show me how to modify my config file for this purpose.

 

You can either blatently set them completely open for reading and executing FOR WORLD or add apache group to your groups.

 

I have added my account to apache group... does it mean what you have described above ?

 

Thanks

 

Jeffery

[Gowator]

Yes, that means you can set only the group permissions for read/execute instead of world permissions.

 

From the directory above jeffery directory you can use

chmod -R 771 jeffery

this will recursively set the files to Owner rwx Group rwx and world read

 

To move the folder try....

mv /home/jeffery/public_html /var/www/html/jeffery

 

this should create the whole folder in the html directory.

 

? Also the folder would have user as jeffery and group jeffery as well ?

Yes but jeffery is also a member of group apache. and we set it to group rwx.

 

Actually, Im not sure if the move will work becuase jeffery might not have permissions

 

The inverse doing it as apache won't work becuase apache would need delete privelidges on /home/jeffery

 

So you might have to do it as root

in which case the files will be owned by user root/group root

 

So as root you can change them to jeffery as

chown -R jeffery:jeffery jeffery (from the html directory)

 

Got to get home now but ill be back later or someone else is boiund to help you!

[paCkeTroUTer]

Thanks Gowator. Appreciate ur help

 

Yes, that means you can set only the group permissions for read/execute instead of world permissions. 

 

From  the directory above jeffery directory you can use 

chmod -R 771 jeffery

this will recursively set the files to Owner rwx Group rwx and world read

The above resulted in giving me the following:

drwxrwx--x

Owner rwx Group rwx and world executable. Is that correct ? Or am I reading the permissions the wrong way ?

 

To move the folder try....

mv /home/jeffery/public_html /var/www/html/jeffery

 

this should create the whole folder in the html directory. 

The above resulted in moving all the contents and folder of /home/jeffery/public_html to /var/www/html/jeffery/public_html

 

I am confused if that is the right path.. or should all the contents go into /var/www/html/jeffery . Please advise

BTW I did both commands with root priviledges

 

 

? Also the folder would have user as jeffery and group jeffery as well ? 

Yes but jeffery is also a member of group apache.  and we set it to group rwx.

Thanks I think thats what I have done. Hopefully it should work :)

 

What do I do next from here, if all the above mentioned are in the right order. Thanks

[Gowator]

Bah.... I was too eager to get away from my nasty work NT4 machine...

OK, lets clean up-

 

 

Thanks Gowator. Appreciate ur help

:D

Yes, that means you can set only the group permissions for read/execute instead of world permissions. 

 

From  the directory above jeffery directory you can use 

chmod -R 771 jeffery

 

bahhhh silly me its 775

 

this will recursively set the files to Owner rwx Group rwx and world read

The above resulted in giving me the following:

drwxrwx--x

 

drwxrwxr-x that should be it now

 

 

Owner rwx Group rwx and world executable. Is that correct ? Or am I reading the permissions the wrong way ?

 

No I was just brain dead!

To move the folder try....

mv /home/jeffery/public_html /var/www/html/jeffery

 

this should create the whole folder in the html directory. 

The above resulted in moving all the contents and folder of /home/jeffery/public_html to /var/www/html/jeffery/public_html

 

I am confused if that is the right path.. or should all the contents go into /var/www/html/jeffery . Please advise

BTW I did both commands with root priviledges

 

OK, no problems well move it up a directory

mv /var/www/html/jeffery/public_html /var/www/html/public_html

 

then

rmdir /var/www/html/jeffery/

then change public_html to jeffery

mv /var/www/html/public_html/ /var/www/html/jeffery/

 

? Also the folder would have user as jeffery and group jeffery as well ? 

Yes but jeffery is also a member of group apache.  and we set it to group rwx.

Thanks I think thats what I have done. Hopefully it should work :)

 

What do I do next from here, if all the above mentioned are in the right order. Thanks

 

Erm now you should have a http://localhost/jeffery

If it has an index.html or index.php etc. the link should work!

 

You probably want to do something to set your user permissions by default

you can use UMASK for this.

[paCkeTroUTer]

Thanks again.

 

But that setup is a basic web server setup. I want it so that I can ftp my web stuff from an other machine with my username/password

 

so when I ftp stuff.. it would go into my folder in the web root

 

I suppose I have to create a symlink from my home directory to the /var/www/html/jeffery folder ?

[Gowator]

Thanks again.

 

But that setup is a basic web server setup. I want it so that I can ftp my web stuff from an other machine with my username/password

 

so when I ftp stuff.. it would go into my folder in the web root

 

I suppose I have to create a symlink from my home directory to the /var/www/html/jeffery folder ?

 

 

Exactly, you set the symlink and then you just CD into it.

 

OR

 

If I knew that was the goal you can add apache to the ftp group and set a password and home directory of /var/www/html :wink:

 

Always 20 ways to do the same thing in linux :D

[paCkeTroUTer]

Thanks Gowator :D :D :D

 

That worked as expected. But I have a couple of questions if you don't mind. As of now I can access my web folder via http://localhost/jeffery

 

I am wondering what is the advantage of having your web folders point like http://localhost/~jeffery

 

I tried to emulate that but it doesn't work as expected. Not that I am bothered about it, but it would help me clear up my doubts and get a better understanding of how apache web server behaves. BTW I made the following changes to my config file and the first few configuration options look like this:

### Common server configuration

#

User apache

Group apache

 

#

# ServerAdmin: Your address, where problems with the server should be

# e-mailed. This address appears on some server-generated pages, such

# as error documents.

#

ServerAdmin root@localhost

 

# DocumentRoot: The directory out of which you will serve your

# documents. By default, all requests are taken from this directory, but

# symbolic links and aliases may be used to point to other locations.

# DO NOT MODIFY THIS ONE, USE httpd.conf and httpd-perl.conf

#DocumentRoot /var/www/html

 

 

#

# Each directory to which Apache has access, can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of

# permissions.

#

# Also, for security, we disable indexes globally

#

<Directory />

Options -Indexes FollowSymLinks

AllowOverride None

</Directory>

 

#Restricted set of options

#<Directory />

#Options -All -Multiviews

#AllowOverride None

#<IfModule mod_access.c>

#Order deny,allow

#Allow from all

#</IfModule>

#</Directory>

 

 

#

# Note that from this point forward you must specifically allow

# particular features to be enabled - so if something's not working as

# you might expect, make sure that you have specifically enabled it

# below.

#

 

 

#

# UserDir: The name of the directory which is appended onto a user's home

# directory if a ~user request is received.

#

<IfModule mod_userdir.c>

UserDir public_html

</IfModule>

 

Appreciate your time

 

Jeffery

[Gowator]

Well I certainly ain't an apache expert.:D

 

So these are basically all guesses.

 

The ~ pages are I think when you use virtual servers.

apparently have lots of advantages but for me one big one.

I need to RTFM on them. I think lots of people here will know lots more than me.

 

 

Actually, my SME server box uses them effectively and I have just never bothered to look.

[willisoften]

Has anybody seen a good apache / perl tutorial for idiots?

 

I have got both apache and perl installed but I cant get my cgi stuff to appear it's working under windows so I know my stuff works. But I keep getting

 

"You don't have permission to access /cgi-bin/ on this server."

 

I basically don't know what I'm doing!

 

I've spent too long reading the docs already webmin isn't working either so if anyones got a straight to the point tutorial or Howto please let me know.

[Gowator]

First,

check the file permissions on /var/www/cgi-bin

 

You need the execute bit for the apache user.

Second you need to check the cgi-bin is actually listed in your conf file or referenced directly from DocumentRoot.

 

Imagine the web server sees a whole directory tree BUT whatever directory you set up as DocumentRoot is the equivalent of the root directory to it.

 

Then check the actual permissions on the cgi-bin directory files.

Make sure they are all eXecutable by apache.

 

For the perl ones you can su - apache (from root) and try running them by hand. i.e. perl mycgiscript.pl

 

Like you i'd love to see the apache/perl tutorial for idiots....

Everything I ever learned has been through experimentation which isn't always the most efficient way :D

[willisoften]

Thanks the problem is permissions and I have sorted it out to a point,

 

trouble is every time I save a file i have to set the permissions manually.

 

In my pub directory

 

I own pub and I've chmod 755 -R which means I have read write execute and everyone else should have read and execute.

 

This is OK and the content appears in apache. But I want to be able to save the files and forget about it.

 

I've tried ln -s pub in both directions home & var/www/cgi-bin and have the same problems in both places. I thought that files saved to a directory took on the properties of that directory?

 

I could probably live with it but it's a nuisance!

[willisoften]

It appears that each file in cgi-bin has to have its permissions set: chmod 755.

 

I can't find the ScriptAlias directive line in the apache conf files so I've set up a ln -s link to my home directory. As I gave myself ownership of the folder in cgi-bin as an ordinary user I can set all of the permissions on the folder with chmod 755 -R pub from my home directory I can also set them in the tree view in Kate.

 

It ought to be possible to set umask options for saving files but I don't know how to do it!

 

Maybe there is a config file you can set for Kate I don't know I think you can set umask options when saving files from Vi but I'm not sure.

[paCkeTroUTer]

Just updating to a fix for this problem I had.

 

Anyone having same problem as I have discussed in the first post of this thread should consider checking the permission on the user directory as well.

 

The webserver needs to be able to read files from there (remember /home/username has to be readable by the user the server runs as as well to be able to read anything under it). As long as /home/username and /home/username/public_html are 755 it should be ok

 

Obviously no one lead me to asking if my user directory permissions where ok and I never thought about it, though I had everything under user directory set to the right permissions. You always learn from your mistakes :D