[SOLVED] (13)Permission denied: access to /~user/ denied
Posted: 2012/01/18 18:16:24
Hi there,
I've set up a server for local development on CentOS 6.
I'm trying to keep it fairly secure, so I'm keeping SELinux enabled for now; however, I seem to be having a problem.
I've set up Apache with UserDir public_html so I'm able to access the user's public_html directory as follows:
http://server.ip/~user/
This however results in:
[quote]
Forbidden
You don't have permission to access /~user/ on this server.
Apache Server at server.ip Port 80
[/quote]
Checking the error log (/var/log/httpd/error_log) shows the following:
[quote]
[Wed Jan 18 18:01:02 2012] [error] [client server.ip] (13)Permission denied: access to /~user/ denied
[/quote]
What I've tried:
I've RTFM, specifically the [url=http://wiki.apache.org/httpd/13PermissionDenied]Apache manual suggests it's a file permissions issue[/url]...
It's not a file permissions issue as the apache user can access the files of the above mentioned "user":
[code]
[root@elite home]# su apache -s /bin/bash
bash-4.1$ cat /home/user/public_html/test.txt
Just a test.
bash-4.1$ exit
exit
[/code]
This results in being able to see the contents of test.txt, so we know that's OK.
I can only assume it's an [url=http://fedoraproject.org/wiki/SELinux/apache]SELinux issue and RTFM[/url]...
[code]
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t /home/user/public_html
[/code]
Here's a bunch of other SELinux/httpd related settings I have set:
[code]
[root@elite home]# getsebool -a | grep httpd
allow_httpd_anon_write --> on
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_read_user_content --> on
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
[/code]
Finally, I disabled SELinux enforcing:
[code]
echo 0 >/selinux/enforce
[/code]
A modest workaround, but not a solution.
I feel like I've done and tried everything and now I'm not sure what else to try...
Any suggestions?
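
For the symptom described above, where file permissions allow the read but Apache still logs "(13)Permission denied", SELinux denials are recorded as AVC records in the audit log, and summarising those for httpd shows which permission, object class and label are involved. The following is an added example, not part of the original post: the function names and the sample records are constructed, and /var/log/audit/audit.log as the log location is an assumption (the default when auditd is running).

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials logged against httpd.
# Real use (assumed log path): avc_httpd_summary < /var/log/audit/audit.log
avc_httpd_summary() {
    awk '
    # Return the value of key=value from the current record, quotes stripped.
    function val(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    # A context is user:role:type:level; policy decisions hinge on the type.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /^type=AVC / && / denied / {
        if (val("comm") != "httpd") next            # ignore other daemons
        a = index($0, "{ "); b = index($0, " }")    # permissions sit in { ... }
        perms = substr($0, a + 2, b - a - 2); gsub(/ /, ",", perms)
        obj = val("path"); if (obj == "") obj = val("name")
        key = "perms=" perms " class=" val("tclass")
        key = key " source=" setype(val("scontext")) " target=" setype(val("tcontext"))
        key = key " object=" obj
        if (!(key in seen)) order[++n] = key        # keep first-seen order
        seen[key]++
    }
    END { for (i = 1; i <= n; i++) print "count=" seen[order[i]], order[i] }
    '
}

# Constructed sample records (illustrative only, not from the system in the post).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1000000001.101:201): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/user/public_html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1000000001.101:201): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1000000002.202:202): avc:  denied  { getattr } for  pid=2102 comm="httpd" path="/home/user/public_html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1000000003.303:203): avc:  denied  { read open } for  pid=2102 comm="httpd" path="/home/user/public_html/test.txt" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1000000004.404:204): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev=dm-0 ino=77 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}

sample_audit_log | avc_httpd_summary
```

The "target" column is the label on the object Apache was refused, which is the value to compare against what `ls -Zd` reports for each directory on the way to public_html.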