Apache [forbidden 403]错误的解决办法
来源:互联网 发布:开源软件下载 编辑:程序博客网 时间:2024/04/30 10:49
导读:
今天准备试着在Apache服务器上配置用户目录(User Directory)。遇到一个棘手的问题,现将配置过程和问题及其解决总结如下:
1、常规的配置:
添加用户web:
adduser web
passwd web
在web用户目录下建立public_html目录,并将权限设置为755:
mkdir public_html
chmod 755 public_html -R
修改/etc/http/httpd.conf:
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
2、测试、问题出现:
http://127.0.0.1/~web
================================
Forbidden
You don't have permission to access /~web on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80
一般出现这个问题,直观地会想到的目录的存取权限问题,查了很久,调了很久也没有解决问题。其间曾想到是否Selinux的问题,进去看了一圈,没有发现什么要改的地方。(后来的事实证明,有时候直觉是很准的,能否找到答案,区别往往是:是否在直觉上走的更深入)。
3、问题的解决
用Google以Apache 403搜了好一会,终于在一个博客里看到,作者遇到和我完全相同的问题:Apache、目录的配置都没问题,但就是不能显示页面。而解决方法恰恰就是修改Selinux对public_html的访问控制。
用以下命令修改文件夹安全属性
chcon -R -t httpd_user_content_t public_html/
4、关联知识的总结:
Fedora Core 5 SELinux FAQhttp://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-public_html
Q: How do I make a user public_htmldirectory work under SELinux?
A: This process presumes that you have enabled user public HTML directories in your Apache configuration file, /etc/httpd/conf/httpd.conf. This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/.
If you do not already have a ~/public_htmldirectory, create it and populate it with the files and folders to be served.
cd ~
mkdir public_html
cp /path/to/content ~/public_html
At this point, httpdis configured to serve the contents, but you still receive a 403 forbiddenerror. This is because httpdis not allowed to read the security type for the directory and files as they are created in the user's home directory. Change the security context of the folder and its contents recursively using the -Roption:
ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:user_home_t public_html
chcon -R -t httpd_user_content_t public_html/
ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:httpd_user_content_t public_html/
ls -Z public_html/
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t baz.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t foo.html
You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works. The field that matters is the type field.
Your static webpages should now be served correctly. If you continue to have errors, ensure that the Boolean which enables user home directories is enabled. You can set it using system-config-securitylevel. Select the SELinuxtab, and then select the Modify SELinux Policyarea. Select Allow HTTPD to read home directories. The changes take effect immediately.
所用命令解析:
ls -Z -d public_html/ #显示文件/目录的安全语境
-Z, --context
Display security context so it fits on most displays. Displays only mode, user, group, security
context and file name.
-d, --directory
list directory entries instead of contents, and do not dereference symbolic links
chcon -R -t httpd_user_content_t public_html/ #修改文件/目录的安全语境
-R, --recursive
change files and directories recursively
-t, --type
set type TYPE in the target security context
理解SElinux:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2904784
http://www-128.ibm.com/developerworks/library/s-selinux/
http://linas.org/linux/secure.html
本文转自
http://blog.chinaunix.net/u/16329/showart.php?id=115452
今天准备试着在Apache服务器上配置用户目录(User Directory)。遇到一个棘手的问题,现将配置过程和问题及其解决总结如下:
1、常规的配置:
添加用户web:
adduser web
passwd web
在web用户目录下建立public_html目录,并将权限设置为755:
mkdir public_html
chmod 755 public_html -R
修改/etc/http/httpd.conf:
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
2、测试、问题出现:
http://127.0.0.1/~web
================================
Forbidden
You don't have permission to access /~web on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80
一般出现这个问题,直观地会想到的目录的存取权限问题,查了很久,调了很久也没有解决问题。其间曾想到是否Selinux的问题,进去看了一圈,没有发现什么要改的地方。(后来的事实证明,有时候直觉是很准的,能否找到答案,区别往往是:是否在直觉上走的更深入)。
3、问题的解决
用Google以Apache 403搜了好一会,终于在一个博客里看到,作者遇到和我完全相同的问题:Apache、目录的配置都没问题,但就是不能显示页面。而解决方法恰恰就是修改Selinux对public_html的访问控制。
用以下命令修改文件夹安全属性
chcon -R -t httpd_user_content_t public_html/
4、关联知识的总结:
Fedora Core 5 SELinux FAQhttp://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-public_html
Q: How do I make a user public_htmldirectory work under SELinux?
A: This process presumes that you have enabled user public HTML directories in your Apache configuration file, /etc/httpd/conf/httpd.conf. This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/.
If you do not already have a ~/public_htmldirectory, create it and populate it with the files and folders to be served.
cd ~
mkdir public_html
cp /path/to/content ~/public_html
At this point, httpdis configured to serve the contents, but you still receive a 403 forbiddenerror. This is because httpdis not allowed to read the security type for the directory and files as they are created in the user's home directory. Change the security context of the folder and its contents recursively using the -Roption:
ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:user_home_t public_html
chcon -R -t httpd_user_content_t public_html/
ls -Z -d public_html/
drwxrwxr-x auser auser user_u:object_r:httpd_user_content_t public_html/
ls -Z public_html/
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t baz.html
-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t foo.html
You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works. The field that matters is the type field.
Your static webpages should now be served correctly. If you continue to have errors, ensure that the Boolean which enables user home directories is enabled. You can set it using system-config-securitylevel. Select the SELinuxtab, and then select the Modify SELinux Policyarea. Select Allow HTTPD to read home directories. The changes take effect immediately.
所用命令解析:
ls -Z -d public_html/ #显示文件/目录的安全语境
-Z, --context
Display security context so it fits on most displays. Displays only mode, user, group, security
context and file name.
-d, --directory
list directory entries instead of contents, and do not dereference symbolic links
chcon -R -t httpd_user_content_t public_html/ #修改文件/目录的安全语境
-R, --recursive
change files and directories recursively
-t, --type
set type TYPE in the target security context
理解SElinux:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2904784
http://www-128.ibm.com/developerworks/library/s-selinux/
http://linas.org/linux/secure.html
本文转自
http://blog.chinaunix.net/u/16329/showart.php?id=115452
- Apache [forbidden 403]错误的解决办法
- Apache Forbidden 403 错误
- ubuntu下apache虚拟主机出现forbidden错误的解决办法
- Apache [forbidden 403]错误的解决办法-新建www目录引起的
- apache 报错 Access forbidden! 403错误的解决方法
- 解决php服务器(apache)下403 Forbidden错误的方法
- nginx “403 Forbidden” 错误的原因及解决办法
- nginx服务器报403 forbidden错误的解决办法
- nginx “403 Forbidden” 错误的原因及解决办法
- 遇到的HTTP错误 403.14-Forbidden解决办法
- Apache整合Tomcat报403 Forbidden错误
- 解决Apache下403 Forbidden错误
- nginx 403 Forbidden 错误及解决办法
- Nginx 403 forbidden的解决办法
- Nginx 403 forbidden的解决办法
- wamp 3.0.6(apache 2.4.23) 403 forbidden 解决办法
- 【解决办法】HTTP错误403.14-Forbidden
- HTTP错误 403.14-Forbidden解决办法
- 数控程序的检验与仿真
- JavaScript 客户端开发解决方式之自定义html标签
- FANUC-0TD 数控车床编程
- KDF2 算法
- C# 基础概念【二】
- Apache [forbidden 403]错误的解决办法
- 冲压名词术语
- 单态模式(singleton)
- 关于struct dirent 中d_name成员在某些系统中为1的问题。
- 如何排除数控机床的故障
- 我不想回家过年....
- C#基础概念【三】
- 机床数控改造浅谈
- AES算法
