# Apache permissions error [solved]

## mystified

I have two sites that I access through /var/www/localhost/htdocs.  One is called forum, which is a local copy of an ipb board, and the other is nut, which allows me to access my UPS online.

localhost/nut was working fine but now I get a permission problem.

I have cgi-bin uncommented in apache and it's got the correct path.

This is from the apache error_log.

```
[Sat Jun 02 10:51:39 2007] [error] [client 127.0.0.1] Directory index forbidden by rule: /var/www/localhost/htdocs/nut/
```

nut uses cgi-bin.  I have cgi-bin enabled in apache2.

These are my permissions:

```
localhost log # ls -l /var/www/localhost/cgi-bin/nut
total 629
-rwxr-xr-x 1 root root 530156 May 11 16:18 htsearch
-rwxr-xr-x 1 root root    268 May 11 16:18 printenv
-rwxr-xr-x 1 root root    757 May 11 16:18 test-cgi
-rwxr-xr-x 1 root root  29120 Jun  1 16:27 upsimage.cgi
-rwxr-xr-x 1 root root  33024 Jun  1 16:27 upsset.cgi
-rwxr-xr-x 1 root root  32064 Jun  1 16:28 upsstats.cgi
```

These are my permissions for nut:

```
localhost log # ls -l /var/www/localhost/htdocs/nut
total 16
-rwxr-xr-x 1 root root   62 May 11 16:13 bottom.html
-rwxr-xr-x 1 root root  623 May 11 16:14 header.html
-rwxr-xr-x 1 root root  503 May 11 16:14 index.html
-rwxr-xr-x 1 root root 2750 May 11 16:14 nut-banner.png
```

I can't figure out why I don't have permission.

Thanks in advance.

Last edited by mystified on Sat Jun 02, 2007 10:43 pm; edited 1 time in total

----------

## BitJam

To get CGI working I had to:

```
$ cd /var/www/localhost
$ sudo chown -R apache:apache cgi-bin
```

I think I actually did it for all files/dirs under /var/www/localhost.  Someone should probably file a bug report so the CGI works right out of the box.  On the other hand, a little hurdle like this gets the user to start thinking about security from the start.

----------

## di1bert

Does it give this error when you go to http://whatever/nut or http://whatever/nut/index.html ?

It probably has something to do with the Index option in your Apache configuration.

Perhaps post your options for that directory, failing that you can try creating a <Directory /var/www/localhost/htdocs/nut> entry and allow Directory Indexing (I think that's the correct term)

Either that or there is a .htaccess file that's disallowing your access.

Without a little more information on your configuration this is little more than guesswork.

HTH

-m

----------

## mystified

I think it's an .htaccess problem.  I finally got to the page by going to localhost/nut/index.html

But when I click on Statistics I get cannot open /etc/hosts.conf.  When I click on settings I get: Error: Can't open upsset.conf to verify security settings. Refusing to start until this is fixed.

I have .htaccess in cgi-bin nut with the following:

```
<Files upsset.cgi>
deny from all
allow from 127.0.0.1
</Files>
```

In /etc/hosts.conf I have:

```
MONITOR belkin@localhost "Local UPS"
```

I also added this to httpd.conf.  But I think I'm missing something somewhere.

According to a nut developer you need this to secure your ups.

----------

## Hu

Based on the original error message, I agree with di1bert.  Apache has been configured not to index that directory, so when you request the directory, it refuses to return a list of entries in that directory ("the index").  From a filesystem perspective, Apache can return the listing and can read files in the directory, which is why you can retrieve index.html.

For the /etc/hosts.conf problem: what is the output of **ls -l /etc/hosts.conf**?  Similarly, what is the output of **ls -l** on the upsset.conf file, wherever it is?  Have you configured upsset.cgi so that it can find upsset.conf?  Is anything written to the Apache error log, which might reveal more about why these files cannot be opened?

That .htaccess file is fine, but is not relevant to your current problem.  It simply instructs Apache not to serve any address other than 127.0.0.1 for the listed file.  This secures your UPS by requiring that the connection come from the same machine as the one Apache is running on.

----------

## mystified

From httpd.conf I have

```
<Directory /var/www/localhost/cgi-bin>
    Options ExecCGI
    SetHandler cgi-script
</Directory>
```

```
localhost cgi-bin # ls -l /etc/hosts
-rwxrwxrwx 1 root root 1045 Jun  2 12:33 /etc/hosts
```

```
localhost cgi-bin # ls -l /etc/nut/upsset.conf
-rwxrwxrwx 1 root root 1329 Jun  2 13:48 /etc/nut/upsset.conf
```

From the apache error_log

```
[Sat Jun 02 14:55:12 2007] [error] [client 127.0.0.1] upsstats: Can't open /etc/nut/hosts.conf: Permission denied, referer: http://localhost/nut/header.html
[Sat Jun 02 14:55:14 2007] [error] [client 127.0.0.1] upsset.conf does not exist to permit execution, referer: http://localhost/nut/header.html
```

I don't know why it says header.html when I'm going to index.html

I don't know how to configure upsset.cgi to find upsset.conf.  There's nothing like that in the nut manual.

How do I enable the Directory Index?

----------

## Hu

First off, the permissions on /etc/hosts are dangerously wrong.  It should be mode 644, not 777!  Run **chmod 644 /etc/hosts** to fix it.  You should also check that it has not been manipulated by an unauthorized process.  However, that is not the interesting file.  The error message is warning about /etc/hosts.conf, not /etc/hosts.  Please post the output of the command I originally requested, **ls -l /etc/hosts.conf**.

The permissions on /etc/nut/upsset.conf are also dangerously insecure.  What is the output of **ls -la /etc/nut/**?  I suspect that /etc/nut does not allow search permission for Apache.

To enable directory indexing, you need to add Indexes to the list of keywords specified after Options in your httpd.conf file.

Most likely, index.html is a frameset, and one of the frames within it is header.html.

----------

## mystified

Ok, I changed the permission. And I have:

```
-rw-r--r-- 1 root root 1071 Jun  2 14:15 hosts.conf
```

```
localhost nut # ls -l /etc/nut
total 48
-rw-r--r-- 1 root root  1071 Jun  2 14:15 hosts.conf
-rw-r--r-- 1 root root  3719 Jun  2 14:15 ups.conf
-rw-r--r-- 1 root nut   1364 Jun  2 14:15 upsd.conf
-rw-r--r-- 1 root nut   2196 Jun  2 14:15 upsd.users
-rw-r--r-- 1 root nut  11124 Jun  2 14:15 upsmon.conf
-rw-r--r-- 1 root root  3893 Jun  2 14:15 upssched.conf
-rw-r--r-- 1 root root  1329 Jun  2 14:15 upsset.conf
-rw-r--r-- 1 root root  5592 Jun  2 14:15 upsstats-single.html
-rw-r--r-- 1 root root  3968 Jun  2 14:15 upsstats.html
```

I added this to httpd.conf

```
<Directory /var/www/localhost/cgi-bin>
    Options ExecCGI Indexes
    SetHandler cgi-script
</Directory>
```

Is this correct?

----------

## mystified

Well I can now access it via localhost/nut.  Statistics now works.  But settings still gives me Error: Can't open upsset.conf to verify security settings. Refusing to start until this is fixed.

----------

## Hu

Your httpd.conf appears to be correct and the permissions on hosts.conf look sane.

To solve the permissions problem affecting Nut, I need to see the permissions on the directory /etc/nut/, which is why I asked for the output of **ls -la /etc/nut/**.  The -a causes ls to include (among other things) the directory itself, which will show the read/write/search status for the directory.  The output you pasted confirms that all the files in that directory look sane, but it does not include any information about the directory permissions.

I use bold tags for commands, so that readers can easily spot the boundaries of the command and copy it straight to a terminal.  Similarly, when posting the output of commands, it is helpful (as you did in your second code block, but not in the first code block) to include the line containing your prompt and the command you issued.  This lets readers confirm that the correct command was issued and makes it easier for us to compare your results to our own (in cases where we expect to have equivalent configurations).

----------

## mystified

```
localhost mystified # ls -la /etc/nut
total 53
drwxr-xr-x  2 root nut    336 Jun  2 16:12 .
drwxr-xr-x 75 root root  4592 Jun  2 15:59 ..
-rw-r--r--  1 root nut   1071 Jun  2 14:15 hosts.conf
-rw-r--r--  1 root nut   3719 Jun  2 14:15 ups.conf
-rw-r--r--  1 root nut   1364 Jun  2 14:15 upsd.conf
-rw-r--r--  1 root nut   2196 Jun  2 14:15 upsd.users
-rw-r--r--  1 root nut  11124 Jun  2 14:15 upsmon.conf
-rw-r--r--  1 root nut   3893 Jun  2 14:15 upssched.conf
-rw-r--r--  1 root nut   1329 Jun  2 14:15 upsset.conf
-rw-r--r--  1 root nut   5592 Jun  2 14:15 upsstats-single.html
-rw-r--r--  1 root nut   3968 Jun  2 14:15 upsstats.html
```

Settings now works.  I'm not sure what I did but thanks for all the help!

----------

## Hu

Excellent.  Most likely, permissions on /etc/nut/ had somehow been set such that search (the x flag) was not enabled for the account under which upsset.cgi was running.

----------
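The two permission problems raised in this thread, a directory that lacks the search (x) bit for the CGI account and files left at mode 777, can be checked together by walking each path component. This is an added example, not part of any post: the function names, finding labels and the temporary tree are constructed for illustration, and only mode bits are evaluated.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_path(path, uid, gids, root=os.sep):
    """Check each component from root down to path for account (uid, gids).
    Mode bits only: no ACLs, no uid 0 bypass; path must lie under root."""
    root, path = os.path.realpath(root), os.path.realpath(path)
    comps, cur = [root], root
    for part in os.path.relpath(path, root).split(os.sep):
        if part != os.curdir:
            cur = os.path.join(cur, part)
            comps.append(cur)
    findings = []
    for comp in comps:
        st = os.stat(comp)
        bits = class_bits(st, uid, gids)
        is_dir = stat.S_ISDIR(st.st_mode)
        if is_dir and comp != path and not bits & 1:
            findings.append((comp, "no-search"))  # no x: lookups below fail
        if comp == path and not bits & 4:
            findings.append((comp, "no-read"))
        # A sticky world-writable directory such as /tmp is conventional.
        if st.st_mode & stat.S_IWOTH and not (is_dir and st.st_mode & stat.S_ISVTX):
            findings.append((comp, "world-writable"))
    return findings

def demo():
    """Constructed tree: nut/ is 0750 (no search for others), hosts is 0777."""
    top = os.path.realpath(tempfile.mkdtemp())
    nut = os.path.join(top, "nut")
    os.mkdir(nut)
    for name, mode in (("upsset.conf", 0o644), ("hosts", 0o777)):
        with open(os.path.join(nut, name), "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(os.path.join(nut, name), mode)
    os.chmod(nut, 0o750)
    os.chmod(top, 0o755)
    uid = os.stat(nut).st_uid + 1  # hypothetical CGI account, in no group
    return {n: [f for _, f in audit_path(os.path.join(nut, n), uid, set(), top)]
            for n in ("upsset.conf", "hosts")}
```

In the constructed tree the 0644 file is still unreachable for the hypothetical account because its parent directory denies search, which matches the "Permission denied" on a file that itself looked readable.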

