I need to get apache running as a non-root user, listening to port 8443, in order to have a new website available (on localhost:8443) for internal security scanning, on a CentOS 7.3 system. I understand only the basics of apache (on Ubuntu), and I am NOT a web administrator, so am unfamiliar with the many options / config settings necessary to get this to work.
I have a directory (/webcontent) with my website content (which requires php), and can host there the various conf files necessary. But I am stumbling through getting httpd.conf setup properly for apache to run as a local user, launched with:
httpd -f /webcontent/conf/httpd.conf
And have set the logs to write to /webcontent/logs (via ErrorLog parameter), but it then complains about not having write access to /run/httpd, and so won't actually start:
[Thu Feb 23 11:59:51.289587 2017] [auth_digest:error] [pid 25464]
(13)Permission denied: AH01762: Failed to create shared memory segment
on file /run/httpd/authdigest_shm.25464
I imagine this is only the first of many problems I might have to get this running, so if anyone can point out the specific config settings necessary in httpd.conf (or elsewhere?) to get this scenario to work, that would be very much appreciated. Or has any other suggestions on running a non-root instance of apache for testing.
A bit late, but I see there's no answer so far. I just ran into this issue myself. My solution is below.
Use the DefaultRuntimeDir directive to override the default "/run/httpd" directory. This goes in httpd.conf. For example:
DefaultRuntimeDir "/my/local/rundir"
This will cause apache to create "/my/local/rundir/authdigest_shm.1234"
For some reason this doesn't also override the default pid file directory, so set it with the PidFile directive, e.g.:
PidFile "/my/local/rundir/httpd.pid"
You might also want to look at the ServerRoot directive.
Related
i'm running into a problem where a program written to be accessed as a web service can't access anything in the local file system. running the program from the command line works correctly, but fails when called via apache as a subprocess exec'd via system() from a php script ; it simply can't find the files it's supposed to work on. i'm convinced this is an apache configuration issue, as the program has no problem reading /var/www/html [the webserver document root] and any/all files/directories under it.
here are some details :
virtual centos 7 server running apache 2.4.6.
the program runs as user apache
it can read / [root dir] and interprets it correctly [i.e. it really is / the system root, not /var/www/html]
it doesn't have access to /tmp at all, nor to /var/tmp
some external files are network mounted on /mnt. the program can access /mnt, but attempts to read /mnt/{anything} fail -- even though remote shares are mounted w/effective uid/gid as apache and all files/directories are readable by world.
selinux is currently disabled
for kicks, i tried setting Require all granted inside <Directory / > and <Directory /tmp > in httpd.conf, but that didn't change anything.
does anyone have any idea what could be causing this and how i could fix it ?
thanks.
Have you checked to see if selinux is restricting access?
You can see if Selinux is causing issues by install selinux troubleshooting
yum install -y setroubleshoot
sealert -a /var/log/audit/audit.log
I'm getting a weird problem here.
I have at least 30 localhost WordPress installs made before and every one of them went fine.
Now (after re-installing Win7 and XAMPP) I can't access ANY install.php file (whether it's WPs own, a dummy empty one, etc). Also, it doesn't matter where it's located (wp-admin folder, a random place outside WP, htdocs root folder, etc).
This is not an antivirus or Windows firewall problem.
It seems to be coming from apache itself.
The apache error log says this
[Fri Nov 30 16:46:40.223524 2012] [access_compat:error] [pid 5876:tid 1604] [client ::1:59365] AH01797: client denied by server configuration: D:/xampp/htdocs/vmf05/wp-admin/install.php
Does anyone have a clue on this?
I've went through all the normal steps and haven't found a solution yet.
Also, if I disable the access_compat module, apache won't start.
Thanks in advance for your help.
I can't believe what the problem was!
I moved a .htaccess file that had the WP better security directives to the root of xampp's site as a backup, and forgot to move it back after.
No install.php file ANYWHERE could be accessed since it had the following:
<files install.php>
Order allow,deny
Deny from all
</files>
And, since the file was on the root, it was affecting the whole server.
I'm just a newbie for Apache. I just installed apache 2.2 on the FreeBSD box at my home office. The instruction on FreeBSD documentation is that I can change the DocumentRoot directive in order to use the customized directory data. Therefore, I replaced...
/usr/local/www/apache22/data
with
/usr/home/some_user/public_html
but something is not right. There's index.html file inside the directory, but it seems that apache could not read the directory/file.
Forbidden
You don't have permission to access / on this server.
The permission of
public_html
is
drwxr-xr-x
I wonder what could be wrong here. Also, in my case, I am not going to host more than one website for this FreeBSD box, so I didn't look at using VirtualHost at all. Is this a good practice just to change the DirectoryRoot directive?
Somewhere in the apache config is a line like:
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/www/apache22/data">
You must change this path too, to make it work. This directive contains for example:
Order allow,deny
Allow from all
Which give initial user access to the directory.
one possibility that comes to mind is SELinux blocking web process from accessing that folder. If this is the case, you would see it in selinux log. You would have to check the context for your original web root with:
ls -Zl
and then apply it to your new web folder:
chcon whatevercontextyousaw public_html
Or, instead, if its not a production server that requires security (like a development machine behind a firewall), you might want to just turn selinux off.
Just one idea. Could be a number of other things.
I have an apache webserver running on centos environment. There is a folder and in that there is a file which has an extension .exe lets name the file x.exe
when I try download this file using http://mysite.com/folder/x.exe I get a 403 error.
but if I add a gif to that folder it works http://mysite.com/folder/pic.gif
I dont have SSH access to this server but need to know some clue for why this is happenning, the file permissions are correct too.
any help is appreciated
Within Apache's httpd.conf, it is possible to specify default handling actions for certain file types or paths. It may be that your server is configured to block executable files all together. Similar blocking can also occur in an .htaccess file. There are a few ways to do it... here's one:
<Files ~ "\.exe$">
Order allow,deny
Deny from all
</Files>
That little snippet could be in the main .conf file, and included .conf file, OR an .htaccess file (or all three!), and again, that is just one possibility. Your best bet is to check out the server logs. They will indicate why a given request was denied in a form similar to this:
[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by
server configuration: /www/root
Take a look at this document for information about server logs (including default paths to the logs themselves).
As I mentioned, there are a few other ways to block access to certain file types, certain files, certain folders, etc. Without looking at the error logs, it is very difficult to determine the cause. Further, without full access to the server, it may not be possible to alter this behavior. This blockage could be in place as a matter of policy for your web host.
I'd like to add I spent like 2 hours trying this crap over and over again only to discover that selinux was denying specific file types for httpd.
try:
setenforce Permissive
and see if that corrects the error
tag
Fedora 16
well the answer was I had this in a folder where it forbids the exe
Deny from all
<FilesMatch "\.(html|HTML|htm|HTM|xhtml|XHTML|js|JS|css|CSS|bmp|BMP|png|PNG|gif|GIF|jpg|JPG|jpeg|JPEG|ico|ICO|pcx|PCX|tif|TIF|tiff|TIFF|au|AU|mid|MID|midi|MIDI|mpa|MPA|mp3|MP3|ogg|OGG|m4a|M4A|ra|RA|wma|WMA|wav|WAV|cda|CDA|avi|AVI|mpg|MPG|mpeg|MPEG|asf|ASF|wmv|WMV|m4v|M4V|mov|MOV|mkv|MKV|mp4|MP4|swf|SWF|flv|FLV|ram|RAM|rm|RM|doc|DOC|docx|DOCX|txt|TXT|rtf|RTF|xls|XLS|xlsx|XLSX|pages|PAGES|ppt|PPT|pptx|PPTX|pps|PPS|csv|CSV|cab|CAB|arj|ARJ|tar|TAR|zip|ZIP|zipx|ZIPX|sit|SIT|sitx|SITX|gz|GZ|tgz|TGZ|bz2|BZ2|ace|ACE|arc|ARC|pkg|PKG|dmg|DMG|hqx|HQX|jar|JAR|xml|XML|pdf|PDF)$">
Allow from all
</FilesMatch>
added exe there and worked fine,
also a note, this was in a SilverStripe CMS powered site, and in the assets folder of SilverStripe
i am having problems with setting up a virtual host (Aptana Project directory) on a LAMP installation on Ubuntu 11 (via tasksel).
i can access
/var/www via ht*p://localhost, but accessing /home/tg/Aptana... via ht*p://ea-dev returns an
"You don't have permission to access / on this server."
this is my apache2.conf: http://pastebin.com/Yja02tnE
this is my ea-dev located in /etc/apache2/sites-available/: http://pastebin.com/U1Vu2jxD
thats what i get in the error.log:
[crit] [client 127.0.0.1]
(13)Permission denied: /home/tg/.htaccess pcfg_openfile: unable to
check htaccess file, ensure it is readable
I really don't understand why its written /home/tg and not /home/tg/Aptana... but maybe its just an abbreviation.
Have you checked to make sure the user running the apache daemon can read the files in the directories in question? I'd start with the .htaccess file. That is almost always the cause of the permission denied error. You may also need to add the tg user to the www-data group.
However, the other thing that stands out is the use of spaces in your path for DocumentRoot... I haven't actually ever done that, so I would also try normalizing your directory path, removing spaces and capital letters. That could explain why the path in the error log does not match the path you expected to see - apache does not normally abbreviate such things.
Good luck and let us know if you make any progress or have additional questions/info.