# [solved] apache2 per-user web directories problems

## ghostblade

I'm fairly new to linux, and very new to gentoo.  I emerged apache, and in the apache config i tried adding "UserDir public_html" like it says on the apache website.  I created a public_html directory in my home dir, and created an index.html.  But when i try to go to http://myip/~myuser/index.html it says you dont have access to this directory.  Does anyone know how to fix this?Last edited by ghostblade on Fri Mar 26, 2004 9:07 pm; edited 1 time in total

----------

## ckdake

Take out the line you added to the apache config file.  gentoo is pretty good about having most things already pretty much set up for you.  If i remember correctly, user home directories should work for you automatically.  Just make sure that your public_html directory is world readable and world executable

```
chmod a+rx ~/public_html
```

 will make sure that it is if it isn't already.

----------

## ghostblade

i tried that, but i still get an error:

```

Forbidden

You don't have permission to access /~phil on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.0.47 (Gentoo/Linux) Server at localhost Port 80

```

 :Sad: 

----------

## ckdake

try making your home directory excutable by everyone..

----------

## ghostblade

nope, still the same error  :Sad: 

----------

## ckdake

given that it says  *Quote:*   

> Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. 

   It means that you have a bigger problem because the server isn't allowed to access its own error messages.  What version of apache are using?  Any other error messages in the logs?  and can you post the "Main Configuration Section" at the top of /etc/apache2/conf/apache2.conf?

----------

## ghostblade

Where would i find which version i am using (like i said before, im a noob  :Smile: )

As for the logs, i see this in there a few times in access_log:

```

x.x.x.x - - [07/Dec/2003:19:35:13 +0000] "GET /~phil HTTP/1.1" 403 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla$

x.x.x.x - - [07/Dec/2003:19:37:24 +0000] "GET /~phil HTTP/1.1" 403 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla$

x.x.x.x - - [07/Dec/2003:19:37:46 +0000] "GET /~phil/index.html HTTP/1.1" 403 420 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030$

x.x.x.x - - [07/Dec/2003:19:41:06 +0000] "GET /~phil HTTP/1.1" 403 409 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla$

8

```

And here is the top of my apache.conf

```

### Main Configuration Section

### You really shouldn't change these settings unless you're a guru

###

ServerRoot /etc/apache2

ServerName localhost

#LockFile /etc/apache2/apache2.lock

PidFile /var/run/apache2.pid

ErrorLog logs/error_log

LogLevel warn

DocumentRoot /home/httpd/htdocs

```

And this in error_log:

```

[Sun Dec 07 19:37:24 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 19:37:46 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil/index.html denied

[Sun Dec 07 19:41:06 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 22:04:42 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 22:04:45 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 22:04:47 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 22:04:48 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

[Sun Dec 07 22:20:46 2003] [error] [client x.x.x.x] (13)Permission denied: access to /~phil denied

```

[/code]

----------

## ckdake

the main thing with version number is apache or apache2 and given your config files, you are using apache2.  I have to ask, are you saving the config files and restarting the server with /etc/init.d/apache2 restart each time and is it stopping cleanly? 

Have you made any other changes to your apache2 config files?

----------

## ghostblade

yes, i'm saving and restarting apache2 every time i make a change   :Cool: 

----------

## ckdake

how recently did you emerge apache?  recently, the default directory for documents moved from /home/httpd/htdocs/ to /var/www/localhost/.  Your config file points to the old location, but if you emerged recently, there might be a config file called something like "/etc/apache2/conf/._cf0000_apache2.conf that you need to replace your existing file with.  At the end of the emrege did it tell you that there are config files that need updating?

you can find config files like this by doing 

```
#find /etc -iname "._cf*"
```

----------

## ghostblade

i emerged it yesterday morning, i'll try that and see if it works

----------

## thompsonmike

I am having the same problem. 

Did you find a fix???

----------

## ghostblade

i think the permissions for my home (/home/me) directory were wrong if i recall correctly, i didnt think to check the permissions of that folder >:\

----------

## ptitman

it is a fairly poor work around that giving a+x access to your ~. It basically means that in order to allow users having their own website, they will have to let everyother users the hability of going through their own directory.

  Wouldn't be satisfied with such a lousy workaround   :Confused: 

   I'm actually wondering if it is a apache bug

----------

## ptitman

well, not saying it might be an apache bug anymore  :Smile:  . guess i was a bit upset   :Very Happy: 

  but i def dont go along with the world executable or even group executable /home/* .

  when i installed apache, months ago, i wasn't thinking of using userdirs and was wondering what the f**k emerge added a /home/httpd/ directory and actually deleted it as it was nonsense for me .... but it actually make real sense. just got to use it.

  I setted up this dir again with that config

```
drwxr-xr-x    4 apache   apache         96 Feb  3 01:24 httpd
```

   I'm not running a box with many users on so i didn't bother doing a script which will automatize the whole thing, but just wanted my housemate to be able to create is web page without messing around my system.

the following step is to create a file like 

```
drwxr-xr-x    2 username     apache         80 Feb  3 01:47 username
```

and , to make it simple for him i created a link in is homedir

```

ln -sf /home/httpd/username /home/username/public_html
```

for instance.

  therefore , it is transparent to him, he just have to stick to his ~/public_html and there he goes   :Very Happy:  .

it is still one last modif to do : in /etc/apache2/conf/commonapache2.conf you need to have this lines :

```
<IfModule mod_userdir.c>

    UserDir /home/httpd

    UserDir disabled root

</IfModule>

.

.

.

<Directory /home/httpd/*/>

  AllowOverride All

    Options MultiViews -Indexes Includes FollowSymLinks

    <IfModule mod_access.c>

      Order allow,deny

      Allow from all

    </IfModule>

</Directory>
```

   it works lie a charm for me   :Wink:  .

   If you got any comments about it they will be welcome.

----------

## thompsonmike

Good one, that works like a charm for me too.

One Problem though, because it is outside of the home directory, a FTP client cannot see the directory, so it is impossible for users to upload files using FTP because they are locked into their home directorys.

I am using Proftpd. Do you know of anyway of allowing proftpd to follow symlinks, like apache does, but to keep them locked into their home directorys?

I am off to migrate the remainder of my user base to the new home directorys, and tell them FTP is off line till I find a solution!

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Chroot.html

Cheers

----------

## thompsonmike

Good one, that works like a charm for me too.

One Problem though, because it is outside of the home directory, a FTP client cannot see the directory, so it is impossible for users to upload files using FTP because they are locked into their home directorys.

I am using Proftpd. Do you know of anyway of allowing proftpd to follow symlinks, like apache does, but to keep them locked into their home directorys?

I am off to migrate the remainder of my user base to the new home directorys, and tell them FTP is off line till I find a solution!

Cheers

----------

## thompsonmike

Well damn that was easy.

Just mount the directorys, and bang, there they are. Locked into the home directorys, and no one can access any elses files...

Excellent

Thanks for the plan ptitman

Just for the record the following command does this

 mount --bind /home/username/public_html /home/httpd/username

For each user. To make the changes last after a reboot, put them into your fstab.

----------

## ptitman

nice one   :Wink: 

----------

## hygge

okey. but this should work without any tweaks like that. anyone know how?

----------

## buser

I'm having these problems too.

----------

## hygge

c'mon, who's responsable for the apache ebuilds?

----------

## C.M

I'm having big problems with this too. It's no problem to show a index.html file in the ~/public_html folder, but I can't get the automatic directory listing working. This is my commonapache2.conf now:

```

<Directory />

  Options -All -Multiviews

  AllowOverride None

  <IfModule mod_access.c>

    Order allow,deny

    Allow from all

  </IfModule>

</Directory>

                                                                                

<Directory /home/*/public_html>

  AllowOverride All

  Options MultiViews +Indexes Includes FollowSymLinks

  <IfModule mod_access.c>

    Order allow,deny

    Allow from all

  </IfModule>

</Directory>

```

And these are my permissions:

```

drwxr-xr-x  33 cm   users      1616 Mar 14 21:33 .

drwxr-xr-x   4 root root         96 Mar  5 03:02 ..

drwxr-xr-x   2 cm   users       128 Mar 14 21:36 public_html

```

The error I get in /var/log/apache2/error_log is:

```

[Sun Mar 14 21:57:33 2004] [error] [client 192.168.0.103] Directory index forbidden by rule: /home/cm/public_html/

```

If I put a file called index.html in my public_html folder it comes up, but the auto-index just won't work. I've gone through the crappy apache-tutorial, and it's of no help. Seems like a lot of people have trouble with this.   :Mad: 

----------

## C.M

Sorry, I was just a moron. Had two

```

<Directory /home/*/public_html>,

```

one I didn't know I had, but that said -Indexes

----------

## BlinkEye

 *ptitman wrote:*   

> well, not saying it might be an apache bug anymore  . guess i was a bit upset  
> 
>   but i def dont go along with the world executable or even group executable /home/* .
> 
>   when i installed apache, months ago, i wasn't thinking of using userdirs and was wondering what the f**k emerge added a /home/httpd/ directory and actually deleted it as it was nonsense for me .... but it actually make real sense. just got to use it.
> ...

 

this sounds interesting. but i still get a 403 forbidden error. could you explain further some steps?

 *Quote:*   

>  the following step is to create a file like 
> 
> ```
> drwxr-xr-x    2 username     apache         80 Feb  3 01:47 username
> ```
> ...

 

i don't get it why i shoud create a file and not a directory or for that case a symlink.

 *Quote:*   

> and , to make it simple for him i created a link in is homedir
> 
> ```
> 
> ln -sf /home/httpd/username /home/username/public_html
> ...

 

 the link links to or from /home/username/public_html?

 *Quote:*   

>  therefore , it is transparent to him, he just have to stick to his ~/public_html and there he goes   . 

 

i'd like to access my files via myip/~username - is your way the wrong way to achieve that?

another question: the group apache was created during the emerge of apache2 (as i guess). do i have to add myuser to the apache group? please help me setting the right permissions, i'd say it is the most important thing to do when setting up a server.

----------

## flazz

I'm having the same problem

from all the posts I have gathered:

~/public_html/ needs a+rx, that is common sense.

~/ does not need a+rx, that is really dumb.

mounting or linking ~/public_html/ to /home/httpd/username/  is a hairy bandaid

I'm guessing that this is a problem with the ebuild, because some one posted that they got it working from a source installation

Has anyone gotten an ebuild of apache2 to serve home dirs  the way apache was designed to? If not, then I suspect a problem in the ebuild.

also, could PAM or membership to the group apache also cause this problem?

----------

## BlinkEye

nope. i didn't. but because i'm very new to apache i guess it is/was my fault

----------

## flazz

PROBLEM SOLVED

1) add the user apache to the users group

2) chmod g+x /home/myusername

simple as that

----------

## BlinkEye

 *flazz wrote:*   

> PROBLEM SOLVED
> 
> 1) add the user apache to the users group
> 
> 2) chmod g+x /home/myusername
> ...

 

will try it out as soon as i get my server up and running again. 

ps: if you would change the title of this thread to something like "apache2 & user web access [solved]" it would help others while fast browsing the forums. 

thanks

----------

## aamonten

yes it works, thanks guys.. don't forget to set [solved] on the title

----------

## barrct

Stupid question...

I want to add the mount --bind to my fstab, but what I don't know what to use for the filesystem type?

What would the fstab line be?

/home/username/public_html /var/www/localhost/username ??????

----------

## Eduardo Andrade

Thank you flazz !!!

I was looking for this one for hours, duh !  :Cool: 

----------

