0
Apache/2.4.18 (Ubuntu)
Ubuntu 16.04

I tested the initial configuration, pointed my browser to the server, and got the normal ubunutu page. Works fine.

The 000-default.conf is:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
</VirtualHost>

The index.html is in the /var/www/html directory and the /var/www/html directory has permissions set to 0755

I created a directory /home/utils/rails/public, owned the user utils. I set the permissions for this directory to 0755

I copied the file index.html from /var/www/html to /home/utils/rails/public

I then modified the /etc/apache2/sites-available/000-default.conf to the following:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/utils/rails/public
</VirtualHost>

I restarted apache2 and pointed the browser to the location, but this time I got the

Forbidden
You don't have permission to access / on this server

If I reverse the procedure, and change the DocumentRoot back to /var/www/html, everything works fine.

What am I doing wrong?

namei -lx /home/utils/rails/public
f: /home/utils/rails/public
Drwxr-xr-x root  root  /
drwxr-xr-x root  root  home
drwxr-xr-x utils utils utils
drwxrwxr-x utils utils rails
drwxr-xr-x utils utils public
EastsideDev
  • 169
  • 2
  • 15
  • Add the output of namei -lx /home/utils/rails/public please – muru Oct 11 '17 at 05:02
  • Every directory in path (e.g. /home, /home/utils, /home/utils/rails, /home/utils/rails/public) needs to have +x set to allow apache to traverse the directory.chmod a+x /path` is the command to add +x for world. – vidarlo Oct 11 '17 at 05:04
  • added output of namei – EastsideDev Oct 11 '17 at 05:06
  • IMO apache should not have access to files outside of /var/www/html as I believe there are security risks and, security risks aside, it is just poor form. If you are doing this to avoid using root see - https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www . If you are doing this to allow users to have personal web pages use user-dir - see http://www.techytalk.info/enable-userdir-apache-module-ubuntu-debian-based-linux-distributions/ and https://wiki.ubuntu.com/UserDirectoryPHP – Panther Oct 11 '17 at 05:11
  • No, I am not trying to avoid using root. I am setting up a rails application, and that directory cannot be owned by root – EastsideDev Oct 11 '17 at 05:35

1 Answers1

0

The following solved the problem:

<VirtualHost *:80>
   ServerAdmin myanme@myserver.net
   ServerName myserver.net
    DocumentRoot "/home/utils/rails/public"
    <Directory "/home/utils/rails/public">
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>
        AllowOverride None
        Require all granted
   </Directory>
   LogLevel warn
   ErrorLog ${APACHE_LOG_DIR}/myserver.net_error.log
   CustomLog ${APACHE_LOG_DIR}/myserver.net_access.log combined
</VirtualHost>

The key is:

Require all granted

This is used since Apache 2.4. The other directives are not key to the access issue, but I have them to disallow .htaccess directives (ALlowOverride) and deal with Multiviews

Setting permissions to 0755 works and did not need to be changed

EastsideDev
  • 169
  • 2
  • 15