Wed, Nov 05, 2014 10:38 pm

You don't have permission to access / on this server error

After adding a virtual host section for a website to Apache's httpd.conf file on a Linux system, I restarted Apache and tried viewing the website with a browser. Instead of seeing the home page for the site, I saw:

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory, I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html
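
As an added example (not part of the original post), the shell function below automates the check that namei -m makes by eye: it prints every directory on the way to a path that lacks the "other" search bit. It assumes the Apache account is neither the owner nor a group member of those directories, and it relies on GNU stat; the name blocked_components is made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): list every directory on the way
# to PATH that lacks the "other" search (x) bit, the condition behind AH00035.
# Assumption: the Apache account is neither owner nor group member of these
# directories, so only the "other" permission bits apply to it.
# Requires GNU stat (stat -c), as found on Linux.

blocked_components() {
    target=$1
    case $target in
        /*) ;;
        *) echo "blocked_components: absolute path required" >&2; return 2 ;;
    esac

    # Collect the target and all of its ancestors, root first.
    list=""
    p=$target
    while :; do
        list="$p
$list"
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done

    printf '%s' "$list" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        mode=$(stat -L -c '%a' "$dir")   # octal mode, e.g. 700 or 711
        other=${mode#"${mode%?}"}        # last octal digit = "other" bits
        case $other in
            1|3|5|7) ;;                  # search bit present
            *) printf '%s\n' "$dir" ;;   # Apache cannot traverse this one
        esac
    done
}

# Usage: blocked_components /home/jdoe/public_html
```

Empty output means every component is searchable by "other"; with the home directory at mode 700, as in the case above, the function prints /home/jdoe.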

[/network/web/server/apache] permanent link

Wed, Nov 05, 2014 8:15 am

Denying interactive logins for an account

On a Linux system, you can change the designated shell for an account to "nologin" to prevent users from logging in interactively. For instance, if an account is only used for email, then you might wish to block the user from logging in and obtaining a shell prompt, so that should anyone else obtain the password for the account, that person would not be able to do anything other than send and receive email for the account. If the user's account was jasmith, you could use the command below:
# usermod --shell /sbin/nologin jasmith

[/os/unix/linux/sysmgmt] permanent link
