logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: 403 Forbidden You don't have permission to access this resou
Author
xiaobaingtai



Joined: 27 Aug 2021
Posts: 2
Location: Australia, Sydney

PostPosted: Fri 27 Aug '21 14:59    Post subject: 403 Forbidden You don't have permission to access this resou Reply with quote

Hello

After moving my Root Document to an external partition, I'm encountering the error the error Forbidden You don't have permission to access this resource.

I believe this to be some kind of perms/ownership issue but I'm having difficulty with even the most permissive of settings as sudo apachectl configtest returns OK.

When I moved index.html, I did so by issuing:
Quote:
sudo rsync -av /var/www/html /media/exthdd1tb/www/html

Subsequently, I also:
Quote:
sudo chmod -R 755 /media/exthdd1tb/www/html

And:
Quote:
sudo chown -R www-data:www-data /media/exthdd1tb/www/html


I've tried a few guides I found online where people report similar problems, but I can't seem to get mine to resolve. I've also quite a few times:
Quote:
sudo systemctl reload apache2.


Here are some config details. I'm running Apache/2.4.48 on a Debian based server.

For the configuration files apache2.conf:
apache2.conf now resembles:
Code:
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /media/exthdd1tb/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>


and added the new location in 000-default.conf and ssl-default.conf:
000-default.conf:
Code:
ServerAdmin webmaster@localhost
        #DocumentRoot /var/www/html < old, default root
        DocumentRoot /media/exthdd1tb/www/html

ssl-default.conf:
ServerAdmin webmaster@localhost
                #DocumentRoot /var/www/html < old, default root
                DocumentRoot /media/exthdd1tb/www/html


when I run
Quote:
apache2 --versions
I see:
Code:
[Fri Aug 27 22:56:25.942013 2021] [core:warn] [pid 11213] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6998
Location: Germany, Next to Hamburg

PostPosted: Fri 27 Aug '21 20:17    Post subject: Reply with quote

You may try


Code:

source /etc/apache2/envvars
/usr/sbin/apache2ctl -S
Back to top
xiaobaingtai



Joined: 27 Aug 2021
Posts: 2
Location: Australia, Sydney

PostPosted: Sun 29 Aug '21 8:21    Post subject: Reply with quote

I ran the command:
Quote:
source /etc/apache2/envvars

which generated no output.
Then I tried:
Quote:
/usr/sbin/apache2ctl -S

which returned:
[/code]AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used [/code]
I ran
Quote:
sudo cat /var/log/apache2/error.log

and found it was full of lines like:
Code:
[Sun Aug 29 16:01:39.815509 2021] [core:error] [pid 26113] (13)Permission denied: [client 192.168.1.7:54830] AH00035: access to /favicon.ico denied (filesystem path '/media/exthdd1tb/www') because search permissions are missing on a component of the path, referer: http://192.168.1.88/

At the suggest of some other forum posts on like-issues I
Quote:
sudo find /media/exthdd1tb/www -type d -exec chmod 755 {} \;

Quote:
sudo find /media/exthdd1tb/www -type d -exec chmod 755 {} \;

and even
Quote:
sudo chmod a+rX -R /media/exthdd1tb/www

but I am still unable to load the site without 403'ing. I've also checked the ACLs with
Quote:
getfacl /media/exthdd1tb/www

and see that:
Code:
getfacl: Removing leading '/' from absolute path names
# file: media/exthdd1tb/www
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

I'm not entirely sure this is correct...
Back to top
tangent



Joined: 16 Aug 2020
Posts: 125
Location: UK

PostPosted: Sun 29 Aug '21 22:42    Post subject: Reply with quote

How about temporarily changing the login shell for www-data to /bin/bash, so you can switch user and check out where in the path the permissions problem lies, e.g.
Code:
user@host:~$ sudo chsh -s /bin/bash www-data
user@host:~$ sudo su - www-data
www-data@host:~$ # check access permissions as www-data ...
www-data@host:~$ exit
user@host:~$ sudo chsh -s /usr/sbin/nologin www-data
Back to top


Reply to topic   Topic: 403 Forbidden You don't have permission to access this resou View previous topic :: View next topic
Post new topic   Forum Index -> Apache