Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: 403 Forbidden You don't have permission to access this resou |
|
| Author |
|
xiaobaingtai
Joined: 27 Aug 2021
Posts: 2
Location: Australia, Sydney
|
 Posted: Fri 27 Aug '21 14:59 Post subject: 403 Forbidden You don't have permission to access this resou |
 |
|
Hello
After moving my Root Document to an external partition, I'm encountering the error the error Forbidden You don't have permission to access this resource.
I believe this to be some kind of perms/ownership issue but I'm having difficulty with even the most permissive of settings as sudo apachectl configtest returns OK.
When I moved index.html, I did so by issuing:
| Quote: | | sudo rsync -av /var/www/html /media/exthdd1tb/www/html |
Subsequently, I also:
| Quote: | | sudo chmod -R 755 /media/exthdd1tb/www/html |
And:
| Quote: | | sudo chown -R www-data:www-data /media/exthdd1tb/www/html |
I've tried a few guides I found online where people report similar problems, but I can't seem to get mine to resolve. I've also quite a few times:
| Quote: | | sudo systemctl reload apache2. |
Here are some config details. I'm running Apache/2.4.48 on a Debian based server.
For the configuration files apache2.conf:
apache2.conf now resembles:
| Code: | <Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /media/exthdd1tb/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory> |
and added the new location in 000-default.conf and ssl-default.conf:
000-default.conf:
| Code: | ServerAdmin webmaster@localhost
#DocumentRoot /var/www/html < old, default root
DocumentRoot /media/exthdd1tb/www/html
ssl-default.conf:
ServerAdmin webmaster@localhost
#DocumentRoot /var/www/html < old, default root
DocumentRoot /media/exthdd1tb/www/html |
when I run
| Quote: | | apache2 --versions |
I see:
| Code: | [Fri Aug 27 22:56:25.942013 2021] [core:warn] [pid 11213] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot |
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Fri 27 Aug '21 20:17 Post subject: |
|
|
You may try
| Code: |
source /etc/apache2/envvars
/usr/sbin/apache2ctl -S
|
|
|
| Back to top |
|
xiaobaingtai
Joined: 27 Aug 2021
Posts: 2
Location: Australia, Sydney
|
| Posted: Sun 29 Aug '21 8:21 Post subject: |
|
|
I ran the command:
| Quote: | | source /etc/apache2/envvars |
which generated no output.
Then I tried:
| Quote: | | /usr/sbin/apache2ctl -S |
which returned:
[/code]AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used [/code]
I ran
| Quote: | | sudo cat /var/log/apache2/error.log |
and found it was full of lines like:
| Code: | | [Sun Aug 29 16:01:39.815509 2021] [core:error] [pid 26113] (13)Permission denied: [client 192.168.1.7:54830] AH00035: access to /favicon.ico denied (filesystem path '/media/exthdd1tb/www') because search permissions are missing on a component of the path, referer: http://192.168.1.88/ |
At the suggest of some other forum posts on like-issues I
| Quote: | | sudo find /media/exthdd1tb/www -type d -exec chmod 755 {} \; |
| Quote: | | sudo find /media/exthdd1tb/www -type d -exec chmod 755 {} \; |
and even
| Quote: | | sudo chmod a+rX -R /media/exthdd1tb/www |
but I am still unable to load the site without 403'ing. I've also checked the ACLs with | Quote: | | getfacl /media/exthdd1tb/www |
and see that:
| Code: | getfacl: Removing leading '/' from absolute path names
# file: media/exthdd1tb/www
# owner: root
# group: root
user::rwx
group::r-x
other::r-x |
I'm not entirely sure this is correct... |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 348
Location: UK
|
| Posted: Sun 29 Aug '21 22:42 Post subject: |
|
|
How about temporarily changing the login shell for www-data to /bin/bash, so you can switch user and check out where in the path the permissions problem lies, e.g.
| Code: | user@host:~$ sudo chsh -s /bin/bash www-data
user@host:~$ sudo su - www-data
www-data@host:~$ # check access permissions as www-data ...
www-data@host:~$ exit
user@host:~$ sudo chsh -s /usr/sbin/nologin www-data
|
|
|
| Back to top |
|
|
|
|
|
|
