# apache user directories

## SerfurJ

apache2 userdir hasn't worked for me since i installed gentoo.  i noticed that apache2's default config doesn't load mod_userdir.c, so i added the IfModule.. directive below from my working slackware config.

```
LoadModule userdir_module                modules/mod_userdir.so

<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>
```

does anybody know what the problem is?

thanks,

jason

----------

## moocha

 *SerfurJ wrote:*   

> i noticed that apache2's default config doesn't load mod_userdir.c

 

Yes it does. You probably just haven't been looking at the correct file.

```
moocha root # grep mod_userdir /etc/apache2/conf/apache2.conf
LoadModule userdir_module                modules/mod_userdir.so
```

----------

## SerfurJ

my bad, i meant it doesn't contain this section

```
<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>
```

----------

## /bin/bash

Do you have a:

```
<Directory /home/*/public_html>
</Directory>
```

entry? And does it allow people to access the user directories? ie:

```
Order allow,deny
Allow from all
```

----------

## SerfurJ

yep, here's what i have:

```
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
```

i've tried it with and without that.

----------

## /bin/bash

Hmm, maybe you should be more specific about how it is failing: Forbidden error, 404 error, something else?

----------

## pilla

Moved from OTG

----------

## SerfurJ

here's the error:

```
Forbidden

You don't have permission to access /~jason/ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.0.49 (Gentoo/Linux) PHP/4.3.6RC2 Server at xxx Port 80
```

----------

## /bin/bash

I think I might know the problem. If you want everybody to be able to access /~jason/public_html you need to chmod the directory so it is world readable. Otherwise you must be logged in as jason to access it.

----------

## SerfurJ

i usually have public_html set to 711, but i tried setting public_html and everything in it to 755 while i was troubleshooting.. no banana.  same error.

so /bin/bash, do your user directories work with apache2 in gentoo?  if so, what's your configuration?

thanks

----------

## /bin/bash

Sorry, but I don't use the user directories. 

I'll set up my test server to allow it, and see if I can figure it out. I'll get back to you...

Maybe someone else reading this has an idea?

----------

## /bin/bash

Well, I'm getting the exact same error. As far as my knowledge goes, it should be working:

```
LoadModule userdir_module                modules/mod_userdir.so

<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>

<Directory /home/*/public_html>
    AllowOverride All
    Options MultiViews -Indexes Includes FollowSymLinks
    <IfModule mod_access.c>
      Order allow,deny
      Allow from all
    </IfModule>
</Directory>
```

Directory is chmoded appropriately...what else is there?

Sorry bud, I'm gonna have to leave this to someone else.

The:

"Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

makes me think that maybe there is a higher-level directive pooching this, I mean, why wouldn't you be allowed to access an error message?

----------

## moocha

Maybe a permission problem - see the setup I use on this thread.

----------

## SerfurJ

/bin/bash, i appreciate the help.  moocha, i'll try your setup.

----------

## /bin/bash

Nope, moocha's setup is not working either.

Moocha: In the first line (the chgrp command) you mean '-R' for recursive instead of '-r' don't you?

----------

## /bin/bash

Ok, I got it...you need to chmod 751 /home/jason as well.

Doesn't seem terribly secure. Anybody can cd into /home/jason, but they can't ls the directory. Is this how it's gotta be?

----------

## SerfurJ

i tried moocha's permissions.  still not working.  i don't want to chmod 751 my home directory..  that doesn't make sense.

----------

## moocha

If you don't give execute permissions on /home/<user> of course it won't work. Execute for others on directory means anyone can traverse that directory. Nothing other to do with accessing files and/or dirs under it. So yes, it's meant to be that way.

You can't have the cake and eat it, too. Either userdirs and potential security troubles, or no security troubles and no userdirs. You'll have to choose.

----------

## /bin/bash

Doesn't make sense?

It turns the execute bit on the directory name which means that you can traverse the directory. You still can't read anything in there. I've done some searching on the web and I believe that that is how it's gotta be if you want to use user directories.

If you don't like that then the only other thing I can think of is to create an alias so ~jason gets resolved to a directory under the document root that is writable by jason.

----------

## moocha

 */bin/bash wrote:*   

> Moocha: In the first line (the chgrp command) you mean '-R' for recursive instead of '-r' don't you?

 

Yup. Fixed - thanks!

----------

## moocha

 */bin/bash wrote:*   

> If you don't like that then the only other thing I can think of is to create an alias so ~jason gets resolved to a directory under the document root that is writable by jason.

 

Even then the directory must be executable - an alias can't magically bypass file system access control (apache is written so as to ensure that - thank $deity :) )

----------

## /bin/bash

No, what I mean is to create a directory in htdocs named 'jason' or whatever, make it writable by user jason, then set up an alias so ~jason resolves to the other directory, not the one in the users /home directory. Wouldn't that work?

----------

## moocha

Yes, that would work - what I meant was that the directory under /htdocs would also have to be executable (at least by the group apache). Also you'd have to give the user jason write permission in that directory - which ends up as being even more insecure than the userdir way. Ah well.

----------

## SerfurJ

i got it working.  yep, had to chmod 711 my home dir.  accidentally used the -R option.  it's going to be fun trying to get all my permissions under my home directory back to the way they were.  well thanks a lot for all the help.
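
The permission chain this thread converges on, as an added example that is not part of the original posts: the script walks each directory on the way to `public_html` and reports the first one that the "other" class cannot traverse, then shows that a non-recursive `chmod 711` on the home directory alone clears the block. The function names and the sandbox tree are constructed for illustration; it assumes GNU `stat` and that the apache user is neither owner nor group member of the directories.

```shell
#!/bin/sh
# Added example: report which directory on the way to public_html denies
# traversal to the "other" permission class. Assumption: the apache user is
# neither owner nor group member of these directories. Needs GNU stat.

# True if "other" has the execute (search) bit on directory $1.
other_can_traverse() {
    mode=$(stat -c %a "$1") || return 2
    # Last octal digit is the "other" class; an odd digit has the x bit set.
    case $mode in *[1357]) return 0 ;; *) return 1 ;; esac
}

# first_blocked BASE TARGET: print the first directory below BASE, on the
# path to TARGET, that "other" cannot traverse. BASE itself is not checked.
first_blocked() {
    cur=${1%/}
    rest=${2#"$cur"/}
    while [ -n "$rest" ]; do
        cur=$cur/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        other_can_traverse "$cur" || { printf '%s\n' "$cur"; return 1; }
    done
    return 0
}

# Constructed sandbox mirroring the thread: home 700, public_html 755.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/jason/public_html" "$root/home/jason/private"
    chmod 755 "$root/home" "$root/home/jason/public_html"
    chmod 700 "$root/home/jason" "$root/home/jason/private"
    before=$(first_blocked "$root" "$root/home/jason/public_html") || true
    # Non-recursive fix: only the home directory itself gains o+x.
    chmod 711 "$root/home/jason"
    after=$(first_blocked "$root" "$root/home/jason/public_html") || true
    private_mode=$(stat -c %a "$root/home/jason/private")
    printf 'blocked before: %s\n' "$before"
    printf 'blocked after:  %s\n' "${after:-none}"
    printf 'private/ mode:  %s\n' "$private_mode"
    rm -rf "$root"
}
demo
```

On a live system the same walk is `first_blocked / /home/jason/public_html`; `namei -m` from util-linux prints the mode of every path component for a manual check.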

----------

## geforce

I didn't take the time to read all the posts because I have to go, but I had problems with public_html and this solved my problem (without my having to touch my apache2.conf):

 *Quote:*   

> PROBLEM SOLVED
>
> 1) add the user apache to the users group
> ...

 

----------

