140190 – httpd mod_userdir throws 403 with right permissions

Bug 140190 - httpd mod_userdir throws 403 with right permissions

Summary: httpd mod_userdir throws 403 with right permissions

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	httpd
Sub Component:
Version:	3
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Joe Orton
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-20 20:09 UTC by Sergio Restrepo
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2004-11-21 12:59:22 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Sergio Restrepo 2004-11-20 20:09:05 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
I am running httpd-2.0.52-3.1 under Fedora Core 3 using SELinux.

I am trying to use the UserDir directive for Apache, and this is the
relevant part from my httpd.conf file

UserDir public_html

<Directory /home/*/public_html>

   Options Indexes FollowSymLinks
   AllowOverride All

   Order allow,deny
   Allow from All

</Directory>


The DocumentRoot is pointing to /var/www/html (as per default)

The permissions to /, /home, /home/user, /home/user/public_html are
all set to 755, however every time I try to access
http://localhost/~user I get the following error:


Forbidden

You don't have permission to access /~parca on this server.

Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.
Apache/2.0.52 (Fedora) Server at localhost Port 80

Additionally, this is the error on the Apache logs:

access:
127.0.0.1 - - [20/Nov/2004:14:53:25 -0500] "GET /~parca HTTP/1.1" 403
402 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0"

error:
[Sat Nov 20 14:53:25 2004] [error] [client 127.0.0.1] (13)Permission
denied: access to /~parca denied




Version-Release number of selected component (if applicable):
httpd-2.0.52-3.1

How reproducible:
Always

Steps to Reproduce:
1.Install httpd-2.0.52-3.1
2.Activate UserDir
3.Create a public_html for any user and try to access it through
domain/~user
    

Actual Results:  Returns a 403 Forbidden

Expected Results:  Returns the index page for the user

Additional info:

Comment 1 Joe Orton 2004-11-21 12:59:13 UTC

This is due to SELinux, please see the SELinux httpd guide:

http://fedora.redhat.com/docs/selinux-apache-fc3/

and specifically the section:

http://fedora.redhat.com/docs/selinux-apache-fc3/sn-user-homedir.html

Comment 2 Marcelo macCoy 2005-05-20 17:43:16 UTC

Joe Orton,

Your information is crucial for people that have trouble with userdir, when just
tried all configurations in filesystem and httpd.conf. I followed your
indication and change one of two configurations in this steps:

run: system-config-securitylevel (terminal)
choose: SELinux part
uncheck: Enforcing
or
check: Disable SELinux protection for httpd Daemon

It's working now (apache using userdir)

Thanks,
macCoy

Note You need to log in before you can comment on or make changes to this bug.