Bug 140190 - httpd mod_userdir throws 403 with right permissions
httpd mod_userdir throws 403 with right permissions
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: httpd (Show other bugs)
3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-20 15:09 EST by Sergio Restrepo
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-21 07:59:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sergio Restrepo 2004-11-20 15:09:05 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
I am running httpd-2.0.52-3.1 under Fedora Core 3 using SELinux.

I am trying to use the UserDir directive for Apache, and this is the
relevant part from my httpd.conf file

UserDir public_html

<Directory /home/*/public_html>

   Options Indexes FollowSymLinks
   AllowOverride All

   Order allow,deny
   Allow from All

</Directory>


The DocumentRoot is pointing to /var/www/html (as per default)

The permissions to /, /home, /home/user, /home/user/public_html are
all set to 755, however every time I try to access
http://localhost/~user I get the following error:


Forbidden

You don't have permission to access /~parca on this server.

Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.
Apache/2.0.52 (Fedora) Server at localhost Port 80

Additionally, this is the error on the Apache logs:

access:
127.0.0.1 - - [20/Nov/2004:14:53:25 -0500] "GET /~parca HTTP/1.1" 403
402 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0"

error:
[Sat Nov 20 14:53:25 2004] [error] [client 127.0.0.1] (13)Permission
denied: access to /~parca denied




Version-Release number of selected component (if applicable):
httpd-2.0.52-3.1

How reproducible:
Always

Steps to Reproduce:
1.Install httpd-2.0.52-3.1
2.Activate UserDir
3.Create a public_html for any user and try to access it through
domain/~user
    

Actual Results:  Returns a 403 Forbidden

Expected Results:  Returns the index page for the user

Additional info:
Comment 1 Joe Orton 2004-11-21 07:59:13 EST
This is due to SELinux, please see the SELinux httpd guide:

http://fedora.redhat.com/docs/selinux-apache-fc3/

and specifically the section:

http://fedora.redhat.com/docs/selinux-apache-fc3/sn-user-homedir.html
Comment 2 Marcelo macCoy 2005-05-20 13:43:16 EDT
Joe Orton,

Your information is crucial for people that have trouble with userdir, when just
tried all configurations in filesystem and httpd.conf. I followed your
indication and change one of two configurations in this steps:

run: system-config-securitylevel (terminal)
choose: SELinux part
uncheck: Enforcing
or
check: Disable SELinux protection for httpd Daemon

It's working now (apache using userdir)

Thanks,
macCoy 

Note You need to log in before you can comment on or make changes to this bug.