# You don't have permission to access /~username

## Kennel

So I decided to upgrade my old 1.0rc6 to 1.2 and all went well except that I can't seem to get access to users public_html through /~username. I get:

You don't have permission to access /~username on this server

I searched the forums and found some stuff about adding the apache user to the users group and I did by running:

usermod -G apache,users apache

I also made sure that ~/public_html was chmodded 755 (even tried 777). Still no luck. Could someone please tell me what to do? I'm kind of a newbie, so a very descriptive instruction would be appreciated.

BTW. I screwed around quite a lot with apache.conf and commonapache.conf because I first believed that the problem was there. Where can I download the original version of these two files again (1.3.26)?

----------

## skweegie

since you already added the apache user to the users group...

did you confirm that the user's home directories themselves are 755?

please note that the -m switch in useradd defaults user home directories to permission 700. do a ls -al /home to confirm correct user directory permissions...

cheers

----------

## rt_clik

Another (obvious, I know) thing to check is the apache.conf file to make sure that:

UserDir public_html

still exists. I would assume that this hasn't changed (or was backed up), but had a similar experience myself, and this was the culprit.

Good luck.

CW

 *Kennel wrote:*   

> So I decided to upgrade my old 1.0rc6 to 1.2 and all went well except that I can't seem to get access to users public_html through /~username. I get:
> 
> You don't have permission to access /~username on this server
> 
> I searched the forums and found some stuff about adding the apache user to the users group and I did by running:
> ...

 

----------

## Kennel

 *skweegie wrote:*   

> 
> 
> did you confirm that the user's home directories themselves are 755?
> 
> 

 

Ah! That did the trick. Another question then, won't this allow anyone to read the contents of anyones homedir?

----------

## klieber

 *Kennel wrote:*   

> Another question then, won't this allow anyone to read the contents of anyones homedir?

 

Yes, change it to 750 instead.  BTW, what group owns all your user directories?  Is it 'users'?  If so, then even 750 will allow all users to read and execute other users files.

--kurt

----------

## Kennel

 *klieber wrote:*   

>  *Kennel wrote:*   Another question then, won't this allow anyone to read the contents of anyones homedir? 
> 
> Yes, change it to 750 instead.  BTW, what group owns all your user directories?  Is it 'users'?  If so, then even 750 will allow all users to read and execute other users files.
> 
> --kurt

 

Yes, that is very true. What do you recommend to get around this?

----------

## klieber

 *Kennel wrote:*   

> Yes, that is very true. What do you recommend to get around this?

 

Create a special group for each user, named the same as the username.  (so, for me, there would be a 'klieber' group, of which I was the only member)  Then, chown each users' home directory to their username and their group.  Then, 750 will work as expected/desired.

--kurt

----------

## Kennel

 *klieber wrote:*   

>  *Kennel wrote:*   Yes, that is very true. What do you recommend to get around this? 
> 
> Create a special group for each user, named the same as the username.  (so, for me, there would be a 'klieber' group, of which I was the only member)  Then, chown each users' home directory to their username and their group.  Then, 750 will work as expected/desired.
> 
> --kurt

 

Ok, but won't I have to add apache to all those groups then i order for some.where/~username to be accessible?

----------

## klieber

 *Kennel wrote:*   

> Ok, but won't I have to add apache to all those groups then i order for some.where/~username to be accessible?

 

Yes, but you can't have it both ways.  Perhaps a better question is why are you putting apache virtual roots within home directories and is there a better way you can do that?  (like using symlinks to another place on the HD, for example)

--kurt

----------

