The error log says that the file Apache is trying to read is 
/radar/data/hi3.html. The error log normally will report the absolute file 
system path contrary to the access log that reports the URL path requested. At 
the same time, from the information given, it is my understanding that the URL 
you are trying to get is http://whatever/radar/data/hi3.html (from the 
browser's message about not having permissions to access /radar/data/hi3.html 
on the server). Those two pieces of information put together seem to indicate 
that your DocumentRoot is /.

You also say that documents in the radar directory are served correctly, which 
totally confuses me.

Could you provide the following pieces of information:

1. ServerRoot from httpd.conf
2. DocumentRoot from httpd.conf
3. The path to your httpd.conf file
4. the output of the command "ps -ef | grep httpd"
5. the output of the command "ls -l /var/www/html/radar/data/hi3.html"

-ascs
________________________________

From: Dr. Stephen Judd [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 31, 2006 4:50 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] permissions problem


On 2006 Jan 30, at 10:09 PM, Joshua Slive wrote:


        On 1/30/06, Dr. Stephen Judd <[EMAIL PROTECTED]> wrote:


                On 2006 Jan 30, at 4:01 PM, Joshua Slive wrote:

                On 1/30/06, David Salisbury <[EMAIL PROTECTED]> wrote:

                [Mon Jan 30 15:54:49 2006] [error] (13)Permission denied: access to /radar/data/hi3.html denied


                        I'm not so sure about your "forbidden by rule" assumption.  I believe if
                        you were to Deny access to an IP address you get a simple "permission
                        denied".
                        So I wouldn't discount a configuration problem.. maybe even a hidden
                        .htaccess guy hanging out.


                No, in this case, "permission denied" (errno=EACCES=13) is what the
                OS is returning when apache tries to open the file.

                Try logging in as the user specified in the User/Group directive and
                see if you can access the file.
                Joshua.


                The config file says this:
                User apache
                Group apache
                The straightforward way of doing what you ask for does not work:
                [EMAIL PROTECTED] ~]# su apache
                This account is currently not available.
                I don't know exactly what that means or how to get around it,
                but I investigated this much further the other day and found some
                oddities...

                I wrote a little script to look into the issue of who the user is:
                <?php
                clearstatcache();
                $yuzer= $_ENV['USER']; $lognm= $_ENV['LOGNAME'];
                print "USER= $yuzer, LOGNAME= $lognm<br/>\n";
                $getperms= fileperms('data') & 0777;
                print "fileperms are: $getperms <br/>\n";
                if ($getperms ==0) print "cannot access<br/>\n";
                ?>

                When invoked via the web, it apparently runs as root(!) (not apache?!)
                and gives a message saying that it cannot do a stat:
                USER= root, LOGNAME= root
                fileperms are: 0
                cannot access

                When invoked from the command line (in any of several users I tried)
                it works fine and accesses the file. I'm baffled. Is the "root" user
                that it purports to be the same as the usual system root user? If so, why
                can it not access a file that everyone else can? If not, then who is it??


        USER/LOGNAME are probably inherited from the parent apache process. 
        If you create a file in /tmp, you'll probably find it is owned by
        apache.

Yes. You are right about that. That makes the message from the script
all the more confusing. I suppose that it gets invoked as root and then
switches its identity to apache as soon as it can. You'd think that its
identity as root would be gone long before it ran my script, but whatever.


        Your problem still sounds very much like SELinux to me.  Are you
        absolutely positive you are not running that? 

        What exact version of redhat are you running?

I'm quite sure I'm not running SELinux. Here is my evidence:
[EMAIL PROTECTED] ~]$ echo $MACHTYPE
i686-redhat-linux-gnu
As for version, I dunno. How do I find out?


        If not, check the permissions on every file and directory starting
        with the one you are trying to access and going all the way up the
        tree.

I've done this --and redone it-- because it sure seems like the thing to do.
But no explanation lies in there.
The permissions on the radar directory are these:

        drwxr-xr-x  3 radar radargrp 4096 Jan 27 22:21 radar

The permissions on the data directory are these:

        drwxrwxrwx  4 radar radargrp 4096 Jan 26 09:13 data

And given that files from the radar directory are being served up without 
problem, I believe that I need exhibit no more evidence. Is that true?
Anyway, I'll provide it just to be forthcoming...
radar's parent is this:

        drwxr-xr-x   4 root root 4096 Jan 27 22:28 html

html's parent is this:

        drwxr-xr-x   8 root root 4096 Jan  6 11:26 www

and www's parent is this:

        drwxr-xr-x  21 root root 4096 Jan  6 11:38 var

and var's parent is /. The path is OPEN !

Tell me about the issue in SELinux. At this point, I'm willing to chase any
possibilities.
sj
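
Added example, not part of the original thread or of Apache: a shell sketch of the check suggested above (inspect every component from the file up the tree) that reports the first directory or file whose mode bits deny a given user. The function names `has_bit` and `first_blocker` and the optional TOP argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mode bits only: SELinux contexts and
# ACLs are not examined, and root's bypass of mode bits is not modelled.
# Requires GNU coreutils stat.

# has_bit USER PATH BIT: true if USER's class (owner/group/other) on PATH
# carries BIT (4 = read, 1 = search/execute).
has_bit() {
    hb_mode=$(stat -c '%a' "$2") || return 2
    hb_mode=$(printf '%03d' "$((hb_mode % 1000))")   # drop setuid/sticky digit
    if [ "$(stat -c '%U' "$2")" = "$1" ]; then
        hb_d=${hb_mode%??}                           # owner digit
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$(stat -c '%G' "$2")"; then
        hb_d=${hb_mode#?}; hb_d=${hb_d%?}            # group digit
    else
        hb_d=${hb_mode#??}                           # other digit
    fi
    [ $(( hb_d & $3 )) -ne 0 ]
}

# first_blocker USER FILE [TOP]: print the first component, walking down
# from TOP (default /) to FILE, that USER cannot search (directories) or
# read (FILE itself); print "none" if the mode bits allow the whole path.
first_blocker() {
    fb_top=${3:-/}; fb_p=$2; fb_chain=
    while :; do
        fb_chain="$fb_p
$fb_chain"
        case $fb_p in "$fb_top"|/|.) break ;; esac
        fb_p=$(dirname "$fb_p")
    done
    printf '%s' "$fb_chain" | while IFS= read -r fb_p; do
        if [ -d "$fb_p" ]; then fb_need=1; else fb_need=4; fi
        if ! has_bit "$1" "$fb_p" "$fb_need"; then
            echo "$fb_p"; exit 0
        fi
    done | grep . || echo none
}

# Usage with the names from the thread:
#   first_blocker apache /var/www/html/radar/data/hi3.html
```

A result of "none" means the classic permission bits are not the cause, which leaves mechanisms such as SELinux (the other suggestion in the thread) to rule out.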


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.