I am trying to run Apache 2.4 on Ubuntu 21.10. However, I cannot get userdir to work. I did everything I can possibly google, except reinstalling apache. I am normally a Windows person, so this is driving me nuts.
What I did:
Enable userdir.conf
Set Permission of the folder public_html into 777, and change ownership to www-data
Add Require all granted to literally everywhere I can think of: apache2.conf, userdir.conf, and the config in sites-available to include
<Directory /home/*/public_html >
Require all granted
AllowOverride All
Options +Indexes
</Directory>
Yet, for some reason, all I have is ERROR 403: Forbidden when trying to go to http://localhost/~myusername
What could I possibly be missing?
Thank you.
It turns out it is "because search permissions are missing on a component of the path". So just "chmod -R 755" my entire home folder. Probably not that good of a solution, but still, it works.
Can't change Apache web root directory on Ubuntu.
file exists in sites-enabled folder
I changed /etc/apache2/sites-enabled/mynewsite.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
Allow from all
AllowOverride None
Require all granted
</Directory>
and, also I changed /etc/apache2/apache2.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
AllowOverride None
Allow from all
Require all granted
</Directory>
After changing those I restart the apache then it not worked. Shows
403 error. Forbidden
You don't have permission to access this resource. Apache/2.4.41 (Ubuntu) Server at localhost Port 80
But magically when I change the path within the home directory(/home/saptarshi/test) then it work. So , Is it possible to change apache root directory outside the home folder in ubuntu?
Two things I would like to mention. Firstly, because of something isn't working, don't write the same configurations into multiple apache config files. It will create more problems rather than solving one. Secondly, you should always edit the respective site config file in the /etc/apache2/sites-available/ directory rather than editing the file in the /etc/apache2/sites-enabled/ directory. It's a symlink, so, it's always better to edit the main file and reload the config.
Now your problem might or might not be related to directory path only. It might be a user permission related problem as well. Could you please attach the entire apache2.conf file and the mynewsite.conf file? Also, what's the host you're trying to access it with?
sorry if this is simple but I looked everywhere online I still cannot find a solution.
- I'm running ubuntu 14 and installed Apache2.
- the problem is that I'm trying to change the root directory to my home directory.
the original directory is /var/www/html and checking permission it belongs to root.
I edited two files,
sudo nano /etc/apache2/sites-available/000-default.conf
sudo nano /etc/apache2/apache2.conf
for the latter I changed, /var/www/html to my home/user1/wwww
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
at one point I even changed permssion of my home/user1/www to www-data:webdev ut I keep getting page forbidden. Can anyone help with this? thanks in advance.
i would like to place my apache document root inside another partition of my ubuntu hard drive, but i keep getting forbidden message, when i place to my home directory it woking find, how could that be? is the group or owner affected ? here mysite.conf and apache2.conf when i place my document root in my home folder (Working)
#site-available/mysite.conf
DocumentRoot /home/jono/www
#/etc/apache2/apache2.conf
<Directory /home/jono/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
bu when i change document root to another partition i keep getting forbidden messasge
#site-available/mysite.conf
DocumentRoot /media/jono/website_data/www
#/etc/apache2/apache2.conf
<Directory /media/jono/website_data/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
is the owner/group access affected ? or there is another problem ?
at last it's working, i have to grant all access to www:data for accesing whole directory thanks to you #mark-b, using chown -R www-data:www-data to whole directory isn't good idea but for local development is ok i guest
As a quick workaround (safe and quick) you can make the mounting point of your external hard driver to the default root directory ( /var/www by default).
Assigning the mounting point to a per-existing directory is safe but the old content can't be reached unless you unmounted the driver.
To learn more how to create a mounting point refer to this. To know more about assigning the mounting point to a per-existing directory refer to this.
I'm having some trouble setting up Apache on Ubuntu. I've been following this guide.
# /usr/sbin/apache2 -v
Server version: Apache/2.2.17 (Ubuntu)
Server built: Feb 22 2011 18:33:02
My public directory, /var/www, can successfully serve up and execute PHP pages that are placed in it. However, I want to create a symlink in /var/www that points to a directory in my home folder and serve pages there.
[root /var/www]# ll
total 36
drwxr-xr-x 3 root root 4096 2011-09-11 14:22 .
drwxr-xr-x 14 root root 4096 2011-06-04 22:49 ..
lrwxrwxrwx 1 root root 16 2011-09-11 13:21 about -> /root/site/about
When I try to access /about on browser, I get
Forbidden
You don't have permission to access /about on this server.
As far as I know, I gave sufficient privileges to the files I want to serve:
[root ~/site/about]# ll
total 24
drwxr-xr-x 5 root root 4096 2011-09-11 13:20 .
drwxr--r-- 3 root root 4096 2011-09-11 13:19 ..
drwxr-xr-x 2 root root 4096 2011-09-11 13:21 contact
-rwxr-xr-x 1 root root 1090 2011-09-11 13:19 index.php
drwxr-xr-x 2 root root 4096 2011-09-11 13:20 me
drwxr-xr-x 2 root root 4096 2011-09-11 13:21 resume
I'm aware of the FollowSymLinks option, and I believe it's set in my /etc/apache2/sites-enabled/000-default file:
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Any idea what I could be missing?
Check that Apache has execute rights for /root, /root/site and /root/site/about.
Run:
chmod o+x /root /root/site /root/site/about
You can find a more secure way in Elijah's answer.
The 403 error may also be caused by an encrypted file system, e.g. a symlink to an encrypted home folder.
If your symlink points into the encrypted folder, the apache user (e.g. www-data) cannot access the contents, even if apache and file/folder permissions are set correctly. Access of the www-data user can be tested with such a call:
sudo -u www-data ls -l /var/www/html/<your symlink>/
There are workarounds/solutions to this, e.g. adding the www-data user to your private group (exposes the encrypted data to the web user) or by setting up an unencrypted rsynced folder (probably rather secure). I for myself will probably go for an rsync solution during development.
https://askubuntu.com/questions/633625/public-folder-in-an-encrypted-home-directory
A convenient tool for my purposes is lsyncd. This allows me to work directly in my encrypted home folder and being able to see changes almost instantly in the apache web page. The synchronization is triggered by changes in the file system, calling an rsync. As I'm only working on rather small web pages and scripts, the syncing is very fast. I decided to use a short delay of 1 second before the rsync is started, even though it is possible to set a delay of 0 seconds.
Installing lsyncd (in Ubuntu):
sudo apt-get install lsyncd
Starting the background service:
lsyncd -delay 1 -rsync /home/<me>/<work folder>/ /var/www/html/<web folder>/
I was having a similar problem that I could not resolve for a long time on my new server. In addition to palacsint's answer, a good question to ask is: are you using Apache 2.4? In Apache 2.4 there is a different mechanism for setting the permissions that do not work when done using the above configuration, so I used the solution explained in this blog post.
Basically, what I needed to do was convert my config file from:
Alias /demo /usr/demo/html
<Directory "/usr/demo/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
</Directory>
to:
Alias /demo /usr/demo/html
<Directory "/usr/demo/html">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Note how the Order and allow lines have been replaced by Require all granted
Related to this question, I just figured out why my vhost was giving me that 403.
I had tested ALL possibilities on this question and others without luck. It almost drives me mad.
I am setting up a server with releases deployment similar to Capistrano way through symlinks and when I tried to access the DocRoot folder (which is now a symlink to current release folder) it gave me the 403.
My vhost is:
DocumentRoot /var/www/site.com/html
<Directory /var/www/site.com/html>
AllowOverride All
Options +FollowSymLinks
Require all granted
</Directory>
and my main httpd.conf file was (default Apache 2.4 install):
DocumentRoot "/var/www"
<Directory "/var/www">
Options -Indexes -FollowSymLinks -Includes
(...)
It turns out that the main Options definition was taking precedence over my vhosts fiel (for me that is counter intuitive). So I've changed it to:
DocumentRoot "/var/www"
<Directory "/var/www">
Options -Indexes +FollowSymLinks -Includes
(...)
and Eureka! (note the plus sign before FollowSymLinks in MAIN httpd.conf file.
Hope this help some other lost soul.
As recommended on this discussion on the Arch wiki, the default approach of setting the whole path for the other group using:
chmod o+x /root /root/site /root/site/about
is not the most secure way, since any user with access to the server will be able to access and execute files on the path exposed.
Preferably, you should set permissions to a particular user using ACL permissions.
In the case of the Apache HTTP server, that user would be "http", and permissions could be set by doing (in arch, you will need the acl package installed):
setfacl -m "u:http:--x" /path/to/directory"
You will have to set this recursively (first to /path, then /path/to, etc).
Compared to the most voted solution, only a particular user will be able to access this directory, so security is increased.
Bonus tip: if the path is mounted on a zfs pool, you will need to add the option acltype in your zpool configuration. This can be done with:
zfs set acltype=posixacl your_zpool
Then, by restarting the machine, the volume will be mounted again with the correct configuration, and the code above will work.
In addition to changing the permissions as the other answers have indicated, I had to restart apache for it to take effect:
sudo service apache2 restart
There is another way that symbolic links may fail you, as I discovered in my situation. If you have an SELinux system as the server and the symbolic links point to an NFS-mounted folder (other file systems may yield similar symptoms), httpd may see the wrong contexts and refuse to serve the contents of the target folders.
In my case the SELinux context of /var/www/html (which you can obtain with ls -Z) is unconfined_u:object_r:httpd_sys_content_t:s0. The symbolic links in /var/www/html will have the same context, but their target's context, being an NFS-mounted folder, are system_u:object_r:nfs_t:s0.
The solution is to add fscontext=unconfined_u:object_r:httpd_sys_content_t:s0 to the mount options (e.g. # mount -t nfs -o v3,fscontext=unconfined_u:object_r:httpd_sys_content_t:s0 <IP address>:/<server path> /<mount point>). rootcontext is irrelevant and defcontext is rejected by NFS. I did not try context by itself.
First disable selinux (vim /etc/selinux/config)
vim /etc/httpd/conf/httpd.conf edit following lines for symlinks and directory indexing:
documentroot /var/www/html
<directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride None
</directory>
If .htaccess file then AllowOverride all
For anyone having trouble after upgrading to 14.04
https://askubuntu.com/questions/452042/why-is-my-apache-not-working-after-upgrading-to-ubuntu-14-04
as
root changed
before upgrade = /var/www
after upgrade = /var/www/html
With the option FollowSymLinks enabled:
$ rg "FollowSymLinks" /etc/httpd/
/etc/httpd/conf/httpd.conf
269: Options Indexes FollowSymLinks
you need all the directories in symlink to be executable by the user httpd is using.
so for this general use case:
cd /path/to/your/web
sudo ln -s $PWD /srv/http/
You can check owner an permissions with namei:
$ namei -m /srv/http/web
f: /srv/http/web
drwxr-xr-x /
drwxr-xr-x srv
drwxr-xr-x http
lrwxrwxrwx web -> /path/to/your/web
drwxr-xr-x /
drwxr-xr-x path
drwx------ to
drwxr-xr-x your
drwxr-xr-x web
In my case to directory was only executable for my user:
Enable execution by others solve it:
chmod o+x /path/to
See the non executable directory could be different, or you need to affect groups instead others, that depends on your case.
Yet another subtle pitfall, in case you need AllowOverride All:
Somewhere deep in the fs tree, an old .htaccess having
Options Indexes
instead of
Options +Indexes
was all it took to nonchalantly disable the FollowSymLinks set in the server config, and cause a mysterious 403 here.
In my case, all of the above function, except that SElinux was blocking all symlink request. Additionally to httpd.conf, grp and file permissions, and lsyncd, I also set SELinux to permissive and it works!
In my case I was having symlinks in my /Sites folder which suddenly stopped working and resulting in a 403.
If you're on a Mac, check the Security & Privacy screen and see if http has access to your folder.
The checkbox under Files and Folders for httpd was somehow unchecked. (Perhaps due to an update, since it seems I have 2 httpd's).
Enabling the checkbox fixed the issue.
a little bit late but to give general permission for all other users is not a good idea
better to add the apache user, in my case "www-data" to the group ofthe user whose files you want to access:
usermod -a -G group_of_target_user www-data