Permissions For Web /home/blah/public_html Forbidden Access from WWW

I'm having some file permission problems. Whenever I try to access my home directory via the Internet I get a 403 Forbidden message. Except something on this message has caught my eye:

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

I'm not sure what that means other than there's a file permission problem SOMEWHERE.. Just incase this helps, here's what it is set:

The /home/blah/public_html folder owner is blah and group blah. I've even changed it over to apache for both. I've even got the folder CHMODed to 777, still "Forbidden".

What am I doing wrong here? I encountered this last summer but I forget what kind of "tinkering" was done to get it working correctly..

Thanks!

[N]F

First off,,, chmod 777 is a security risk...Some web browsers will treat any executable file as a CGI script.(in other words, simple typing the url of an executable in the web browser will case the program to run)The problem here is most likely your web server configureation.The config file sets what is and what is not allowed.Some web browsers by default do not allow directory browsing, They will show a 403 error if you attenmpt to view a folder, instead of showing the contents of that folder.Read the config file, in most server config files, the documentation on how to edit the config file will be in comments inside the config file..its usualy as simple as setting somthing like "ALLOW_DIRECTORY_BROWSING=NO" to "=YES"Always Always check server config scripts, dont just assume that the default is the most secure.

Username directory should be chmod 701, public_html should be 701. The owner and group of the files, should still remain the Username.If using SELinux, you'll also want to do chcon -R -t httpd_sys_content_t /home/Username/public_htmlI've written some guides on here that may help you configure it even better, though specifically for Fedora distributions, it may yield some answers.Cheers,MC

SELinux is disabled I know what kind of problems it can cause!Ok, after following some instructions in httpd.conf, ~userid should have permissions of 711 and ~userid/public_html should have permissions of 755.I got it to display web documents now, which is good. Directory listing still shows "403 Forbidden" which has its advantages and disadvantages.I've looked through httpd.conf but I don't see anything about directory listings..[N]F

Usually CHMOD to 755, because if you CHMOD to 777 it will give an error saying that the directory is writable etc.

As long as your home is 701, and public_html is 705 that should be fine. Setting group permissions doesn't really do much for you unless you add users into your group who are allowed to alter files, if that's the case, you're better off creating a new group and another location in home for this to go, that way you don't need to allow people into your home folder.

Make sure in your httpd.conf you have:

<Directory /home/*/public_html>	AllowOverride FileInfo AuthConfig Limit	Options Indexes SymLinksIfOwnerMatch IncludesNoExec	<Limit GET POST OPTIONS>		Order allow,deny		Allow from all	</Limit>	<LimitExcept GET POST OPTIONS>		Order deny,allow		Deny from all	</LimitExcept></Directory>

This restricts the folder to readonly using the <Limit> and <LimitExcept>, you can remove these if you don't want it.

Make sure to restart apache when making changes to httpd.conf.

That is all I can think of at the moment as to why you can't read the directory. As long as read/execute exists in the permissions it should work.

Cheers,


MC