
Setting up an Apache web server - fixing [Forbidden 403]

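Today I was doing a Linux exercise, setting up an Apache web server. The first part went very smoothly: after a few small changes to /etc/httpd/conf/httpd.conf, the web page displayed successfully.

Next I set things up to give every user a directory of their own for storing a home page, that is, creating /home/<username>/public_html to hold the web pages. In theory you only need to add the configuration for the <public_html> directory to httpd.conf, remove UserDir Disable and add UserDir public_html, then check the permissions on the user's directory and restart the service. But after I had done all of the above and entered http://localhost/~<username> in the browser, all I saw was a Forbidden 403 error message.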

        

Quoted content:

Forbidden
You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    

      
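This is where I wasted a huge amount of time. I checked almost every item in httpd.conf and the error messages in the error_log file, and after countless attempts I gave up and turned to Google. Google offered plenty of solutions too: remove the <file~> section from httpd.conf or modify it, give the folder looser permissions, and so on. Unfortunately none of them solved the problem for me, and only after another long while did I find the solution in an obscure corner.

It turned out that **SELinux (Security Enhanced Linux)** was the culprit. This seems to be something new in the last few generations of Fedora Core. It is supposed to enhance security, but it is not good when it conflicts with other things.

For now you can turn SELinux off, remove it, or if all else fails go into X Window, find the SELinux program and lower the security level a little. Personally, though, I feel the best approach is to change the folder's security attributes.

The following command changes the folder's security attributes:

```
chcon -R -t httpd_user_content_t public_html/
```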

      
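For the detailed solution, see the Fedora Core 5 Official FAQ about SELinux.

That solves the problem. I hope people with the same problem find this post quickly and avoid a few detours.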

        

        

Quoted from the Fedora Core 5 FAQ:

Q: How do I make a user public_html directory work under SELinux?

A: This process presumes that you have enabled user public HTML directories in Apache HTTP configuration (/etc/httpd/conf/httpd.conf). This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/.

1. If you do not already have one, you will need to create the public_html directory and populate it with the files and folders to be served.

```
cd ~
mkdir public_html
cp /path/to/content ~/public_html
```

2. At this point, httpd is configured to serve the contents, but you will still receive a 403 forbidden error. This is because httpd is not allowed to read the security type for the directory and files as they are created in the user’s home directory. To solve this, change the security context of the folder and its contents recursively using the -R option:

```
ls -Z -d public_html/
drwxrwxr-x  auser    auser    user_u:object_r:user_home_t      public_html
chcon -R -t httpd_user_content_t public_html/
ls -Z -d public_html/
drwxrwxr-x  auser    auser    user_u:object_r:httpd_user_content_t public_html/
ls -Z public_html/
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t baz.html
-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t foo.html
```

You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works; the field that matters is the type field.

3. You should now be able to serve the static webpages. If you continue to have errors, check to see that the Boolean that enables user home directories is enabled. This can be set using system-config-securitylevel, under the SELinux tab within the Modify SELinux Policy area, enabling Allow HTTPD to read home directories. The changes take effect immediately.
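
A check for the two conditions the FAQ describes, as an added example that is not part of the original post or the Fedora FAQ: it reads `ls -Z` output and reports entries whose type is not httpd_user_content_t, and reads `getsebool` output to confirm the home-directory boolean is on. The function names and the sample listing are constructed here, and the boolean name httpd_enable_homedirs is not given on the page.

```shell
#!/bin/sh
# Added example (not from the original post or the Fedora FAQ).
WANT_TYPE=httpd_user_content_t   # type the FAQ assigns with chcon

# Read `ls -Z` output on stdin and print "<name> <type>" for each entry whose
# SELinux type differs from WANT_TYPE. The context is the first field of the
# form user:role:type[:level], which covers the FAQ's layout and newer ones.
# Limitation: names containing whitespace are reported by their last word.
mislabeled() {
    awk -v want="$WANT_TYPE" '{
        for (i = 1; i <= NF; i++) {
            if (split($i, part, ":") >= 3) {
                if (part[3] != want) print $NF, part[3]
                next
            }
        }
    }'
}

# Read `getsebool` output on stdin; succeed only if the named boolean is on.
bool_on() {
    awk -v name="$1" '$1 == name && $3 == "on" { ok = 1 } END { exit !ok }'
}

# Live check of a directory tree (needs GNU ls and find on an SELinux host).
audit_tree() {
    find "$1" -exec ls -dZ {} + | mislabeled
}

# Constructed sample in the FAQ's `ls -Z` layout: new.html was moved in with
# mv, which keeps a file's existing label, so it still has the home type.
SAMPLE='-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t bar.html
-rw-rw-r--  auser    auser    user_u:object_r:user_home_t new.html
-rw-rw-r--  auser    auser    system_u:object_r:httpd_user_content_t:s0 foo.html'

printf '%s\n' "$SAMPLE" | mislabeled      # prints: new.html user_home_t
```

On an SELinux host, `audit_tree ~/public_html` and `getsebool httpd_enable_homedirs | bool_on httpd_enable_homedirs` run the same checks live.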
