pcfg_openfile: unable to check htaccess file - apache

This is not the first question based on this error, I know, and I have checked what I can, but still do not understand the problem.
Below is the error message.
[Sun Jul 07 11:13:37.482061 2019] [core:crit] [pid 11261] (1)Operation not permitted: [client ::1:50913] AH00529: /Users/jokerham/Documents/Workspace/web/Nanitelink/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/Users/jokerham/Documents/Workspace/web/Nanitelink/www/' is executable
These are the things that I checked.
ls -al /
drwxr-xr-x 6 root admin 192 10 26 2018 Users
ls -ale# /Users
drwxr-xr-x+ 57 jokerham staff 1824 7 4 23:10 jokerham
0: group:everyone deny delete
ls -ale# /Users/jokerham
drwxr-xr-x+ 29 jokerham staff 928 3 24 18:03 Documents
0: group:everyone deny delete
ls -ale# /Users/jokerham/Documents
drwxr-xr-x 11 jokerham staff 352 6 21 20:44 Workspace
ls -ale# /Users/jokerham/Documents/Workspace
drwxr-xr-x 6 jokerham staff 192 7 4 22:51 web
ls -ale# /Users/jokerham/Documents/Workspace/web
drwxr-xr-x 9 jokerham staff 288 7 5 07:50 Nanitelink
ls -ale# /Users/jokerham/Documents/Workspace/web/Nanitelink
drwxr-xr-x 6 jokerham admin 192 6 28 07:17 www
ls -ale# /Users/jokerham/Documents/Workspace/web/Nanitelink/www
-rw-r--r-- 1 jokerham admin 173 6 21 21:38 .htaccess
As seen above result, web root folder 'www' is readable & executable by anyone and .htaccess is readable by anyone. Why I am I still getting the error?

Related

slapd starts when called directly but won't start from systemctl

running fedora 27 here. I'm attempting to run slapd from a fresh openldap install. When I try and run with systemctl start openldap, the daemon fails to start. journalctl gives the following output:
Jun 19 00:30:25 slapd[1325]: #(#) $OpenLDAP: slapd 2.4.45 (Dec 6 2017 14:25:36) $
mockbuild#buildhw-08.phx2.fedoraproject.org:/builddir/build/BUILD/openldap-2.4.45/openldap-2.4.45/servers/slapd
Jun 19 00:30:25 slapd[1326]: mdb_db_open: database "dc=my-domain,dc=com" cannot be opened: Permission denied (13). Restore from backup!
Jun 19 00:30:25 slapd[1326]: backend_startup_one (type=mdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (13)
Jun 19 00:30:25 slapd[1326]: slapd stopped.
Jun 19 00:30:25 audit[1326]: AVC avc: denied { map } for pid=1326 comm="slapd" path="/var/lib/ldap/lock.mdb" dev="xvda1" ino=1716389 scontext=system_u:system_r:slapd_t:s0 tcontext=system_u:object_r:slapd_db_t:s0 tclass=file permissive=0
However, if I run the daemon directly with /usr/sbin/slapd -u ldap -d -1 -h "ldap:/// ldaps:/// ldapi:///", the daemon starts with no issue.
My systemctl script is below:
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network-online.target
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-hdb
Documentation=man:slapd-mdb
Documentation=file:///usr/share/doc/openldap-servers/guide.html
[Service]
Type=forking
ExecStartPre=/usr/libexec/openldap/check-config.sh
ExecStart=/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"
[Install]
WantedBy=multi-user.target
Alias=openldap.service
I've checked permissions on the ldap config directory and db directory and they seem correct for the ldap user:
[root#localhost operations]# ll /etc/openldap/slapd.d/cn\=config
total 24
drwxr-x---. 2 ldap ldap 4096 Jun 15 23:00 'cn=schema'
-rw-------. 1 ldap ldap 378 Jun 15 23:00 'cn=schema.ldif'
-rw-------. 1 ldap ldap 513 Jun 15 23:00 'olcDatabase={0}config.ldif'
-rw-------. 1 ldap ldap 412 Jun 15 23:00 'olcDatabase={-1}frontend.ldif'
-rw-------. 1 ldap ldap 562 Jun 15 23:00 'olcDatabase={1}monitor.ldif'
-rw-------. 1 ldap ldap 609 Jun 15 23:00 'olcDatabase={2}mdb.ldif'
[root#localhost operations]# ll /var/lib/| grep ldap
drwx------. 2 ldap ldap 4096 Jun 19 00:30 ldap
[root#localhost operations]# ll /var/lib/ldap/
total 0
-rw-------. 1 ldap ldap 8192 Jun 19 00:30 lock.mdb
Any advice would be much appreciated.
It seems you're using back-mdb. Good.
Does your DB directory /var/lib/ldap/ really contain only file lock.mdb?
There should also be a bigger file called data.mdb with the actual data.

folder sharing using apache 2.2.26

I am new to apache. I am using apache 2.2.26 in mac.
I want to give link to user for a folder, using which he will download files from that folder. i created a conf file under /Private/etc/apache2/other/ with following settings
Alias /outputfiles/ /Users/XXXX/sharing
<Directory "/Users/XXXX/sharing">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
when i issued "localhost/outputfiles/" in browser, i got 403 Forbidden message.
and error_log contains following at end of file.
[Thu Oct 30 10:20:22 2014] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26 OpenSSL/0.9.8za configured -- resuming normal operations
[Thu Oct 30 10:20:26 2014] [error] [client ::1] client denied by server configuration: /Users/XXXX/sharingindex.html
ls -la for /Users/XXXX/sharing
commmand gives following output
total 128
drwxr-xr-x 7 755 110063367 238 Oct 29 16:07 .
drwxr-xr-x+ 43 XXXX 110063367 1462 Oct 30 10:18 ..
-rw-r--r--# 1 755 110063367 6148 Oct 30 10:17 .DS_Store
-rw-r--r--# 1 755 110063367 37441 Sep 1 12:28 Trade.txt
-rw-r--r-- 1 755 110063367 3727 Sep 1 11:44 census.txt
-rw-r--r-- 1 755 110063367 4683 Sep 19 15:23 script.sh
-rw-r--r-- 1 755 110063367 22 Sep 23 15:27 testing.sql
Can you please guide me in this.

Correct Apache var/www permissions

I'm new to writing permissions in Apache. This is a shared sever of which I have one account on it.
I was having an issue with FileZilla not being able to write to my var/www directory and in an attempt to change its permissions I think I have made it worse.
Here are my current settings
$ ls -l
total 40
drwxr-xr-x 2 root root 4096 Feb 5 2013 backups
drwxr-xr-x 7 root root 4096 Jul 30 2013 cache
drwxr-xr-x 26 root root 4096 Jul 30 2013 lib
drwxrwsr-x 2 root staff 4096 Apr 15 2008 local
lrwxrwxrwx 1 root root 9 Feb 5 2013 lock -> /run/lock
drwxr-xr-x 7 root root 4096 Jul 30 2013 log
drwxrwsr-x 2 root mail 4096 Feb 5 2013 mail
drwxr-xr-x 2 root root 4096 Feb 5 2013 opt
lrwxrwxrwx 1 root root 4 Feb 5 2013 run -> /run
drwxr-xr-x 4 root root 4096 Feb 5 2013 spool
drwxrwxrwt 2 root root 4096 Feb 5 2013 tmp
drwxrwx--- 2 root root 4096 Jul 30 2013 www
Can anyone tell me what are the correct permissions to have on the www folder, and even better how to obtain them?
I think it should be
drwxrwxr-x 2 root root 4096 Jul 30 2013 www
Thanks
There is no such thing as "correct permissions".
There's the permissions setup which was used as default in your installation.
There's the right permissions to use for YOUR security model
You appear to be using a security model which requires non-standard permissions, And you've not once mentioned 'users' or 'groups' let alone what your security model is.
As root, you should chown /var/www to whoever should 'own' the directory (hint: it's neither root nor the apache uid) then set the group ownership appropriately (we can't tell from the information you've provided what that is - but again it's neither root nor the apache uid) then chmod o_rx the directory.
Then please go learn a bit about Linux/Unix admin - try googling for "the rute"

How to add virtual directores and allow access to pages in Apache server?

I know this is a repeated question but Im totally blocked with no understanding of creating virtual directories for apache server
I'm able access my homepage index.html but I'm unable to access another page in that folder
page2.html in /var/www/html/
Also I need to view the folder Firmwares soft-linked to another folder in desktop.
I'm using Fedora 14
Here are my questions
1. How can enable access to other pages in /var/www/html/?
2. What privileges must I provide that Folder and what changes in httpd.conf?
3. How can I just easily add a virtual directory? Do I have to edit the .conf file every time?
(Can I edit .conf file once and then create sub directories in the same parent folder without fuss?)
Current HTTPD.conf is -
http://pastebin.com/BBxaAhMk
Current Privileges are -
[root#wbserv ~]# ls -l /var/www/
total 24
drwxr-xr-x. 2 root root 4096 Jul 26 2010 cgi-bin
drwxr-xr-x. 3 root root 4096 Jan 25 17:23 error
drwxr-xr-x. 2 root root 4096 Feb 14 04:41 html
drwxr-xr-x. 3 root root 4096 Jan 25 17:26 icons
drwxr-xr-x. 14 root root 4096 Jan 25 17:27 manual
drwxr-xr-x. 2 webalizer root 4096 Feb 7 03:39 usage
[root#wbserv ~]# ls -l /var/www/html/
total 868
-rwxr-xr-x. 1 root root 52264 Feb 6 15:48 bkg.jpg
-rwxr-xr-x. 1 root root 462993 Feb 6 15:48 banner.png
-rwxr-xr-x. 1 root root 28785 Feb 6 15:48 title.png
lrwxrwxrwx. 1 root root 24 Feb 10 15:39 Firmwares -> /root/Desktop/Firmwares/
-rwxr-xr-x. 1 root root 6282 Feb 14 04:39 index.html
-rwxr-xr-x. 1 root root 9304 Feb 6 15:48 logo.png
-rwxr-xr-x. 1 root root 16877 Feb 6 15:48 sorttable.js
-rwxr-xr-x. 1 root root 1432 Feb 14 04:39 page2.html
-rwxr-xr-x. 1 root root 4303 Feb 6 15:48 style.css
[root#wbserv ~]# ls -l /root/Desktop/
total 16
drwx------. 4 root root 4096 Jan 31 15:28 Firmwares
drwx------. 10 root root 4096 Feb 14 04:36 Utilities

Apache Virtual Host URL

I made an Apache virtual host for a web application that works fine, but I have a problem with the URL. I want my application to be accessed only using an url similar with: http://ip_address/app_name, but now the aplication can be access also with http://ip_address/.
My virtual host looks like this:
NameVirtualHost 192.168.5.235:80
<VirtualHost 192.168.5.235:80>
ServerName 192.168.5.235
Alias /ksw "/home/ksw/site"
DocumentRoot "/home/ksw/site/"
ErrorLog /home/ksw/logs/error_log
CustomLog /home/ksw/logs/access_log combined
</VirtualHost>
Is there a way to configure my application to be accessed only using http://ip_adress/app_name? Thanks.
The home /home/ksw/site files are:
drwxrwxr-x 18 apache apache 4096 Aug 4 17:41 .
drwxr-xr-x 4 root root 4096 Aug 3 20:17 ..
-rw-rw-r-- 1 apache apache 825 Aug 3 20:18 AdminSettings.sample
-rw-rw-r-- 1 apache apache 2179 Aug 3 20:18 api.php
-rw-rw-r-- 1 apache apache 28 Aug 3 20:18 api.php5
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 bin
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 config
-rw-rw-r-- 1 apache apache 4505 Aug 3 20:18 config.php
-rw-rw-r-- 1 apache apache 17997 Aug 3 20:17 COPYING
drwxrwxr-x 4 apache apache 4096 Aug 3 20:18 docs
drwxrwxr-x 3 apache apache 4096 Aug 3 20:17 extensions
-rw-rw-r-- 1 apache apache 162 Aug 3 20:18 FAQ
-rw-rw-r-- 1 apache apache 236945 Aug 3 20:17 HISTORY
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 home
drwxrwxrwx 3 apache apache 4096 Aug 3 20:17 images
-rw-rw-r-- 1 apache apache 2474 Aug 3 20:18 img_auth.php
-rw-rw-r-- 1 apache apache 35 Aug 3 20:17 img_auth.php5
drwxrwxr-x 9 apache apache 12288 Aug 4 14:13 includes
-rw-rw-r-- 1 apache apache 4561 Aug 3 21:03 index.php
-rw-rw-r-- 1 apache apache 32 Aug 3 20:17 index.php5
-rw-rw-r-- 1 apache apache 3992 Aug 3 20:17 INSTALL
-rw-rw-r-- 1 apache apache 3772 Aug 3 20:18 install-utils.inc
drwxrwxr-x 4 apache apache 4096 Aug 3 20:18 languages
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 locale
-rw-rw-r-- 1 apache apache 4993 Aug 4 14:05 LocalSettings.php
drwxrwxr-x 8 apache apache 4096 Aug 3 20:18 maintenance
-rw-rw-r-- 1 apache apache 569 Aug 3 20:18 Makefile
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 math
-rw-rw-r-- 1 apache apache 1532 Aug 3 20:18 opensearch_desc.php
-rw-rw-r-- 1 apache apache 6173 Aug 3 20:18 profileinfo.php
-rw-rw-r-- 1 apache apache 3535 Aug 3 20:18 README
-rw-rw-r-- 1 apache apache 299 Aug 4 17:41 redirect.php
-rw-rw-r-- 1 apache apache 35 Aug 3 20:17 redirect.php5
-rw-rw-r-- 1 apache apache 91 Aug 3 20:17 redirect.phtml
-rw-rw-r-- 1 apache apache 34280 Aug 3 20:17 RELEASE-NOTES
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 serialized
-rw-rw-r-- 1 apache apache 18814 Aug 3 20:18 setup.php
-rw-rw-r-- 1 apache apache 20480 Aug 3 20:18 .setup.php.swp
drwxrwxr-x 9 apache apache 4096 Aug 3 20:18 skins
-rw-rw-r-- 1 apache apache 603 Aug 3 20:18 StartProfiler.php
drwxrwxr-x 4 apache apache 4096 Aug 3 20:17 t
-rw-rw-r-- 1 apache apache 12822 Aug 3 20:18 Test.php
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 tests
-rw-rw-r-- 1 apache apache 2746 Aug 3 20:18 thumb.php
-rw-rw-r-- 1 apache apache 32 Aug 3 20:18 thumb.php5
-rw-rw-r-- 1 apache apache 1373 Aug 3 20:18 trackback.php
-rw-rw-r-- 1 apache apache 13195 Aug 3 20:18 UPGRADE
drwxrwxr-x 16 apache apache 4096 Aug 3 20:18 wiki
-rw-rw-r-- 1 apache apache 88 Aug 3 20:17 wiki.phtml
-rw-rw-r-- 1 apache apache 3830 Aug 3 20:18 xmlp4.php
Captain Obvious says it shouldn't be so. =)
May be only if 'app_name' dir is a symbolic link to 'ip_addr' dir.
Or if you use django (for example) and configured views incorrectly.
Do you use php? If so - something definitely wrong happens=)
added:
If you 'app_name' string is actually 'ksw' than...
You've installed you mediawiki in the site root dir and ONLY added a link by 'Alias /ksw' to it!!
Solutions:
If you want ONLY to restrict access to http://ip_address/ use .htaccess apache file.
If you want 2 different pages at / and /app_name you need to create folder 'app_name' and install your app there!
That's all.