On my system, virtual servers' home directories are stored in /apps (which is a mounted nfs volume). I had to change the /etc/apache2/suexec/www-data file to use the /apps directory instead of /home.
Most virtual servers work fine, however, I have one which always responds with 403 permission denied. After some digging around I have found the issue to be rather strange.
Lets say i have two domains: deborahschenck.com rupertwatts.com
As should be, the /apps/deborahschenck/public_html/ directory is executable by www-data group.
But for rupertwatts, this is not the case:
/apps/rupertwatts/public_htmlis not executable by www-data group because /apps/rupertwatts is not executable by www-data.
I have checked the permissions mode of the entire path of rupertwatts and they are equivalent to the path of deborahschenck.
Trimmed output of ls -al /apps/deborahschenck:
drwxr-x--- 14 deborahschenck deborahschenck 4096 Jan 29 00:35 .
drwxr-xr-x 35 root root 4096 Feb 9 15:28 ..
drwxr-x--- 8 deborahschenck deborahschenck 4096 Jan 29 11:18 public_html
Trimmed output of ls -al /apps/rupertwatts:
drwxr-x--- 16 rupertwatts rupertwatts 4096 Feb 9 13:20 .
drwxr-xr-x 35 root root 4096 Feb 9 15:28 ..
drwxr-x--- 14 rupertwatts rupertwatts 4096 Feb 5 21:52 public_html
Output of id www-data:
uid=33(www-data) gid=33(www-data) groups=33(www-data),1029(deborahschenck),1057(rupertwatts)
Output of id rupertwatts:
uid=1057(rupertwatts) gid=1057(rupertwatts) groups=1057(rupertwatts)
Output of: id deborahschench:
uid=1029(deborahschenck) gid=1029(deborahschenck) groups=1029(deborahschenck)
How can it be that the permissions are identical and yet www-data can access one path but not access the other?
Thanks for your help.
Comments
Submitted by andreychek on Thu, 02/09/2017 - 10:41 Comment #1
Just to verify -- in the case where it's not working, is there a website installed into the public_html folder? Not having a website can cause what you're describing there.
If you do have one -- does setting the permissions of the public_html dir, and the dir right before that one, to "755" - does that by chance resolve it?
Hi andreychek,
Yes, I have a website installed in the public_html folder.
If I change the permissions to be open like that then yes the site starts working. Does this suggest that Apache is not running under the correct user (rupertwatts) for rupertwatts.com?
Submitted by andreychek on Wed, 02/15/2017 - 09:23 Comment #3
Hmm, could you put a "test.php" file in the public_html folder, and give it the following contents:
<?php phpinfo(); ?>Then, would it be possible to provide us with a URL to that test.php script?
Submitted by andreychek on Wed, 02/15/2017 - 09:23 Comment #4
Hmm, could you put a "test.php" file in the public_html folder, and give it the following contents:
<?php phpinfo(); ?>Then, would it be possible to provide us with a URL to that test.php script?
I have exactly same issue. Is the only solution chmod 755?
Submitted by JamieCameron on Fri, 11/24/2017 - 13:10 Comment #6
If your NFS server is enforcing permission checks, then yes you may need to chmod.