Apache Friends Support Forum

[matteosistisette]

Hi,

On my old Ubuntu computer, I used to have the public htdocs directories for my few virtual hosts in a NTFS partition. I had set up my httpd.conf to include extra/httpd-vhosts.conf, and in httpd-vhosts.conf I had the virtual hosts set up to use each one its folder which were located in various places within the abovementioned NTFS partition. Since all folders in the NTFS partition were mounted as readwrite for everybody, I never had any permission issue.

Now I've moved to a new ubuntu computer, and now I have the folders for the virtual hosts inside subdirectories of my home directory. I've set up everything pretty much the same way it was on the old computer, with the difference that the paths of the folders used by the virtual hosts are inside my home directory instead of on a NTFS partition.

Now I was getting 403 Forbidden responses because of "missing search permission in some component of the path".

The quick workaround I've found is to set up apache to run as my user (because I definitely don't want to set file permission in all the components of the path to my home dirertory to 755) rather than with its own user. But I'm worried whether this is the best solution.

Any idea?
Thanks in advance
Matteo

[Nobbie]

The quick workaround I've found is to set up apache to run as my user (because I definitely don't want to set file permission in all the components of the path to my home dirertory to 755) rather than with its own user. But I'm worried whether this is the best solution.

This solution is quite Ok, i used to do the same thing. Because you are running this Ubuntu for yourself and there is no problem to run Apache with your private UserID. This is by far better than creating security issues by running Apache as root.

The reason for your problems is the fact (what most users are not aware of), that the user, which runs Apache, must have sufficient rights to access the DocumentRoot. But this means also (and that is the problem, which is overlooked by many many users), that Apache must also have sufficient rights to access ALL(!) folders above the DocumentRoot. It is NOT sufficient, if you give (for example) /home/myname/htdocs the permissions 777, because if Apache runs as a different user than "myname", it cannot access to the /home/myname folder (which is above your /home/myname/htdocs folder) and which is not accessible by www-data (for example, this user is taken very often for a standard Apache installation).

The same problem might occur already for the /home folder (depending on the Apaches userid and the permissions of /home).

So in your case it is ok to run Apache as "myname". Instead, of course you may grant 777 to /home als well to /home/myname - this would solve your problem as well and you could run Apache as www-data, but I'm finding this solution quite ugly.

What you might try is to create another standard user, lets call it "apache" (nomen est omen) and Ubuntu will create a /home/apache folder for this user. You might put your desired VirtualHosts folders into that apache Home (instead of your home), but i am not sure if you will like this different folders instead of your home.

Finally it is on you, it is more important that you understand the problem, that any process need to access not only a certain folder, but as well all folders above. This is standard unix/linux behaviour (and not due to Apache or so), it is part of the basic rights management.