Note: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/14427808/

Time: 2020-08-06 18:44:32  Source: igfitidea

You don't have permission error in Apache in CentOS

Tags: linux, apache, centos, chmod, document-root

Asked by th1rdey3

I have installed Apache 2.2 in CentOS 6. Everything worked fine when the Apache folder was at its default location, /var/www/html. Then I configured a virtual host inside my user's home folder. After that Apache started showing a "Forbidden You don't have permission" error when I tried to go to localhost or 127.0.0.1 from the browser.

This is the code I used in httpd.conf:

<VirtualHost *:80>
        DocumentRoot "/home/anjan/workspace/mfs"
        ServerName anjan-centOS
        <Directory "/home/anjan/workspace/mfs">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order Deny,Allow
                Allow from all
        </Directory>
</VirtualHost>

I also disabled SELinux as was mentioned in some articles, but in vain. If anyone could help me out it would be much appreciated.

Accepted answer by th1rdey3

I solved the problem. After meddling with the permissions of the system I found out that the user "anjan", who is the owner of /home/anjan, had read/write/execute permission on /home/anjan, but the group "anjan", created when user "anjan" was created, didn't have any permission at all.

ls -l /home/

showed

drwx------. 28 anjan anjan 4096 Jan 21 13:19 anjan

so I changed the permission with this command

chmod -R 770 /home/anjan
ls -l /home/
drwxrwx---. 28 anjan anjan 4096 Jan 21 13:19 anjan

I found out under which user my Apache is running from this thread. It was running under user "apache".

So I added user "apache" to group "anjan" with this command:

usermod -G anjan,apache apache

After that, voila. No more Forbidden error.

P.S. I did everything as the root user.

UPDATE: It seems the provided link is broken now. Here's another one.

Just to be safe (to avoid future broken links), copying the command here. In a terminal, type:

ps axo user,group,comm | grep apache

Answer by user2402590

This is (for me at least) a doubtful design. It basically means that the Apache user has WRITE access to all that user's files including secrets for example ssh-keys.

Not fun if a cracker attacks apache.

A simple modification would be while running as 'anjan':

chmod -R g-rwx ~ # undo the unsafe -R first
chmod g+rx ~ ~/workspace
chmod -R g+rx ~/workspace/mfs

If apache is a member of the 'anjan' group.

My recommendation is to use ACLs if the filesystem supports that.

Is SELinux running now? It should be so, and if it is still the case that the SELinux policy blocks apache's access to workspace/mfs, a number of messages from sealert should be evident in /var/log/messages. This problem is usually fixed with a judicious usage of setsebool.

Disabling SELinux because something isn't working and recommending that method is njaa....

The original problem is that apache runs as itself and because of that is slumped in the other category when calculating permissions.

chmod o+rx ~anjan/ ~anjan/workspace/ ~anjan/workspace/mfs

should be enough.

CentOS 6 is a free (as in free beer) version of RedHat Enterprise Linux and as such RedHat's document https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/ is a necessity.
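
The second answer's point, that apache is evaluated in the group or other class on every directory above the DocumentRoot, can be checked before changing any modes. The script below is an added example and not part of either answer: the function names and the temporary demo tree are made up for illustration, and it inspects classic mode bits only (no ACLs, no SELinux).

```shell
#!/bin/sh
# Added example: find which directories on the way to a DocumentRoot deny
# search (x) permission to the class the web server's user falls into.
# Mode bits only; ACLs and SELinux are not evaluated.
# Uses GNU stat (-c), as shipped on CentOS.

# Print the permission digit (0-7) that CLASS (group|other) gets on PATH.
class_digit() {
    mode="000$(stat -c '%a' "$1")" || return 1
    if [ "$2" = group ]; then mode=${mode%?}; fi   # drop the "other" digit
    printf '%s\n' "${mode#"${mode%?}"}"            # last remaining digit
}

# Print each directory from DIR up to TOP (default /) that CLASS cannot traverse.
blocked_components() {
    dir=$1 class=$2 top=${3:-/}
    case $dir in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        digit=$(class_digit "$dir" "$class") || return 1
        if [ $((digit & 1)) -eq 0 ]; then printf '%s\n' "$dir"; fi
        case $dir in "$top"|/) break ;; esac
        dir=$(dirname "$dir")
    done
}

# Constructed tree mirroring the question's layout (not a real home directory).
# demo CLASS MODE: give the "anjan" directory MODE, report blockers for CLASS.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/anjan/workspace/mfs"
    chmod -R 755 "$t"
    chmod "$2" "$t/home/anjan"
    blocked_components "$t/home/anjan/workspace/mfs" "$1" "$t" | sed "s|^$t||"
    rm -rf "$t"
}

demo other 700   # drwx------ from the question: prints /home/anjan
```

On a real host, call `blocked_components /home/anjan/workspace/mfs other`, or pass `group` when apache is a member of the directory's group; an empty result means the mode bits are not what is producing the 403.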