WebFaction
Community site: login faq

I have a static/CGI/PHP app that redirects all domain.com traffic to www.domain.com. With my mad skillz I managed to reset pretty much all permissions recursively in my home folder to 0600, causing the redirect app to stop functioning, giving "403 Forbidden".

What permissions should I set to fix the situation?

Note to self: create a cronjob that saves full recursive directory listings. Note to self 2: don't mess with permissions when in production.

UPDATE

I set the following permissions according to David L's advice:

  • 755 ~/webapps/redir_app/
  • 664 ~/webapps/redir_app/.htaccess (actually a softlink to mercurial repository)
  • 775 ~/mercurial/
  • 664 ~/mercurial/_htaccess (this is the real file)

But it still doesn't work. The frontend log says:

*** /home/xyz/logs/frontend//error_redir_app_php.log ***
[Wed Dec 15 04:53:29 2010] [crit] [client xyz] (13)Permission denied: /home/xyz/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

What am I missing? Do the permissions of my home directory play a role here - can I even modify them myself? I assume the "chmod -R 0600 .*" would have found its way up there as well.

asked 15 Dec '10, 04:08

foob
2613
accept rate: 100%

edited 15 Dec '10, 07:33

I believe a .htaccess should be chmodded to 600, otherwise it's considered too loose.

Could you try that and let us know how it goes?

(15 Dec '10, 07:54) David L ♦♦

Forgive me for my stupidity, but isn't the frontend apache process owned by somebody else than me? If so, how could it read the .htaccess if I set it to 600?

As the log snippet above shows, apache tries to access .htaccess on my home directory. Is the problem now with my home directory permissions? "ls -ld ~" shows "drwx------+"

(15 Dec '10, 08:22) foob

Oh, and I tried anyway, didn't help.

(15 Dec '10, 08:24) foob

As the frontend Apache log suggested, the problem were my home dir's permissions. Thanks to WF support for providing the defaults:

chmod 710 $HOME
setfacl -m u:apache:r-x $HOME
setfacl -m u:nginx:r-x $HOME
permanent link

answered 16 Dec '10, 06:14

foob
2613
accept rate: 100%

Thanks for posting. This fixed it for me after screwing up my permissions following a bad suggestion on stackexchange trying to get ssh keys working.

(14 Aug '14, 13:41) morganbird

By default, the permissions for newly created files and directories are:

  • Directories - 775
  • Files - 664

You can probably just fix your redirect's .htaccess file (assuming that's what you're using) permissions. This should kick your app back into life :)

permanent link

answered 15 Dec '10, 04:15

David L ♦♦
1.4k13
accept rate: 45%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×224
×64

question asked: 15 Dec '10, 04:08

question was seen: 5,498 times

last updated: 14 Aug '14, 13:41

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM