403 Forbidden for virtual server

On my system, virtual servers' home directories are stored in /apps (which is a mounted nfs volume). I had to change the /etc/apache2/suexec/www-data file to use the /apps directory instead of /home.

Most virtual servers work fine, however, I have one which always responds with 403 permission denied. After some digging around I have found the issue to be rather strange.

Lets say i have two domains: deborahschenck.com rupertwatts.com

As should be, the /apps/deborahschenck/public_html/ directory is executable by www-data group.

But for rupertwatts, this is not the case: /apps/rupertwatts/public_htmlis not executable by www-data group because /apps/rupertwatts is not executable by www-data.

I have checked the permissions mode of the entire path of rupertwatts and they are equivalent to the path of deborahschenck.

Trimmed output of ls -al /apps/deborahschenck:

drwxr-x--- 14 deborahschenck deborahschenck 4096 Jan 29 00:35 .

drwxr-xr-x 35 root           root           4096 Feb  9 15:28 ..

drwxr-x---  8 deborahschenck deborahschenck 4096 Jan 29 11:18 public_html

Trimmed output of ls -al /apps/rupertwatts:

drwxr-x--- 16 rupertwatts rupertwatts       4096 Feb  9 13:20 .

drwxr-xr-x 35 root        root              4096 Feb  9 15:28 ..

drwxr-x--- 14 rupertwatts rupertwatts       4096 Feb  5 21:52 public_html

Output of id www-data:

uid=33(www-data) gid=33(www-data) groups=33(www-data),1029(deborahschenck),1057(rupertwatts)

Output of id rupertwatts:

uid=1057(rupertwatts) gid=1057(rupertwatts) groups=1057(rupertwatts)

Output of: id deborahschench:

uid=1029(deborahschenck) gid=1029(deborahschenck) groups=1029(deborahschenck)

How can it be that the permissions are identical and yet www-data can access one path but not access the other?

Thanks for your help.

Status: 
Active

Comments

Just to verify -- in the case where it's not working, is there a website installed into the public_html folder? Not having a website can cause what you're describing there.

If you do have one -- does setting the permissions of the public_html dir, and the dir right before that one, to "755" - does that by chance resolve it?

VuOnline's picture
Submitted by VuOnline on Wed, 02/15/2017 - 06:54

Hi andreychek,

Yes, I have a website installed in the public_html folder.

If I change the permissions to be open like that then yes the site starts working. Does this suggest that Apache is not running under the correct user (rupertwatts) for rupertwatts.com?

Hmm, could you put a "test.php" file in the public_html folder, and give it the following contents:

<?php phpinfo(); ?>

Then, would it be possible to provide us with a URL to that test.php script?

Hmm, could you put a "test.php" file in the public_html folder, and give it the following contents:

<?php phpinfo(); ?>

Then, would it be possible to provide us with a URL to that test.php script?

adomas's picture
Submitted by adomas on Thu, 11/23/2017 - 19:02

I have exactly same issue. Is the only solution chmod 755?

If your NFS server is enforcing permission checks, then yes you may need to chmod.