Menu Content/Inhalt
Home arrow Linux arrow General arrow Avoid HTTP 403 with Apache 2 and mod_userdir
Avoid HTTP 403 with Apache 2 and mod_userdir PDF Print E-mail
Written by Martin   
Tuesday, 11 May 2010

A really productive day today-I learned how to configure mod_userdir with the http daemon supplied with Oracle Enterprise Linux 5.5. Quite simple once you read the documentation!

First of all, edit /etc/httpd/conf/httpd.conf and search for the mod_userdir section. To enable it, your mod_userdir configuration should look as follows:

 <IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disable

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disable" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html

</IfModule>

Next I created a new directory "public_htme" for account "martin". Permissions are the key thing, otherwise all you get is this: 

[Tue May 11 11:48:22 2010] [error] [client 1.2.3.4] (13)Permission denied: access to /~martin/ denied

So as root, execute the following on the userdir you want to make available:

[root@tomcat ~]# chmod 711 /home/martin/
[root@tomcat ~]# chmod 755 /home/martin/public_html

Documents in ~userid/public_html must be world readable. With this set, access to http://tomcat/~martin/ worked like a dream.

WARNING

Please don't enable this unless you understand the implications! If ~userid is accessible from the outside it confirms the presence of that userid on the box. This could become an angle of attack!

Last Updated ( Tuesday, 11 May 2010 )
 
< Prev   Next >
[ Back ]