WebFaction
Community site: login faq

Permissions for static/CGI/PHP app

0

I have a static/CGI/PHP app that redirects all domain.com traffic to www.domain.com. With my mad skillz I managed to reset pretty much all permissions recursively in my home folder to 0600, causing the redirect app to stop functioning, giving "403 Forbidden".

What permissions should I set to fix the situation?

Note to self: create a cronjob that saves full recursive directory listings. Note to self 2: don't mess with permissions when in production.

UPDATE

I set the following permissions according to David L's advice:

  • 755 ~/webapps/redir_app/
  • 664 ~/webapps/redir_app/.htaccess (actually a softlink to mercurial repository)
  • 775 ~/mercurial/
  • 664 ~/mercurial/_htaccess (this is the real file)

But it still doesn't work. The frontend log says:

*** /home/xyz/logs/frontend//error_redir_app_php.log ***
[Wed Dec 15 04:53:29 2010] [crit] [client xyz] (13)Permission denied: /home/xyz/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

What am I missing? Do the permissions of my home directory play a role here - can I even modify them myself? I assume the "chmod -R 0600 .*" would have found its way up there as well.

asked 15 Dec '10, 04:08

foob
2613
accept rate: 100%

edited 15 Dec '10, 07:33

I believe a .htaccess should be chmodded to 600, otherwise it's considered too loose.

Could you try that and let us know how it goes?

(15 Dec '10, 07:54) David L ♦♦

Forgive me for my stupidity, but isn't the frontend apache process owned by somebody else than me? If so, how could it read the .htaccess if I set it to 600?

As the log snippet above shows, apache tries to access .htaccess on my home directory. Is the problem now with my home directory permissions? "ls -ld ~" shows "drwx------+"

(15 Dec '10, 08:22) foob

Oh, and I tried anyway, didn't help.

(15 Dec '10, 08:24) foob
2 Answers:
active answersoldest answersnewest answerspopular answers
1

As the frontend Apache log suggested, the problem were my home dir's permissions. Thanks to WF support for providing the defaults:

chmod 710 $HOME
setfacl -m u:apache:r-x $HOME
setfacl -m u:nginx:r-x $HOME
permanent link

answered 16 Dec '10, 06:14

foob
2613
accept rate: 100%

Thanks for posting. This fixed it for me after screwing up my permissions following a bad suggestion on stackexchange trying to get ssh keys working.

(14 Aug '14, 13:41) morganbird
0

By default, the permissions for newly created files and directories are:

  • Directories - 775
  • Files - 664

You can probably just fix your redirect's .htaccess file (assuming that's what you're using) permissions. This should kick your app back into life :)

permanent link

answered 15 Dec '10, 04:15

David L ♦♦
1.4k13
accept rate: 45%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×226
×64

question asked: 15 Dec '10, 04:08

question was seen: 6,243 times

last updated: 14 Aug '14, 13:41

Related questions

Can you insulate Web apps from each other?

Permission denied in subversion repo

Running webapps under a different user

Random hex digits appearing at top of HTML on 404 and 403 pages in Drupal

Apache vhost resolving wrong site

Install Tomcat, howto or step by step tutorial?

visitor alert (email me if >100 uniques in 15 Minutes)

install maxmind's mod_geoip on Apache

Installing Koha (Perl CGI application)

Installing Apache 2.4.2 with mod_wsgi 3.3

                              
WEBFACTION
Home
REACH US
Email
SUPPORT
Control panel
Documentation
Q&A community site
Status blog
Support tickets
LEGAL
Terms of service
Acceptable use policy
Privacy policy
List of Data Subprocessors
Cookie Policy
Data Protection Addendum
Migration FAQ
© COPYRIGHT 2003-2021 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM