*SOLVED* apache2: access denied [message #16402] |
Tue, 04 September 2007 19:31 |
ggonzalez
Messages: 18 Registered: July 2007
|
Junior Member |
|
|
Hi,
I have been struggling with the following problem for a couple of days. I have run out of ideas to solve it.
Here is the situation:
I have a VE configured with veth interface, with apache2 freshly installed. infrahn01 is the HN and infravs01 is the VE.
root@infravs01:~# uname -a
Linux infravs01.integra.com.py 2.6.18-ovz028stab039.1-enterprise #1 SMP Tue Jul 24 12:28:02 MSD 2007 i686 GNU/Linux
root@infravs01:~# dpkg -l|grep apache
ii apache2-mpm-prefork 2.2.3-4+etch1 Traditional model for Apache HTTPD 2.1
ii apache2-utils 2.2.3-4+etch1 utility programs for webservers
ii apache2.2-common 2.2.3-4+etch1 Next generation, scalable, extendable web se
ii libapache2-mod-php4 4.4.4-8+etch3 server-side, HTML-embedded scripting languag
root@infravs01:~# ip a l
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
link/void
5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:0c:29:19:45:6d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.241/32 scope global eth0
root@infravs01:~# ip r l
default dev eth0 scope link
root@infravs01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@infravs01:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
infrahn01:~# ip a l
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:8d:83:09:35 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.231/24 brd 10.0.0.255 scope global eth0
inet6 fe80::250:8dff:fe83:935/64 scope link
valid_lft forever preferred_lft forever
8: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:06:4f:4a:37:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.254.1/24 brd 192.168.254.255 scope global eth1
inet6 fe80::206:4fff:fe4a:37e8/64 scope link
valid_lft forever preferred_lft forever
7: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
link/void
9: veth101.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:0c:29:19:45:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe19:456c/64 scope link
valid_lft forever preferred_lft forever
infrahn01:~# ip r l
10.0.0.241 dev veth101.0 scope link
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.231
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.1
default via 10.0.0.203 dev eth0
infrahn01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
infrahn01:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I can successfully ping and resolve names to my network's hosts, both way.
root@infravs01:~# netstat -a|grep www
tcp6 0 0 *:www *:* LISTEN
My apache2 configurations are the standard one after installation, plus the following:
root@infravs01:~# more /etc/apache2/conf.d/gosa.conf
# Configuration for GOsa using php4.
# Set alias to gosa
Alias /gosa /usr/share/gosa/html
<Directory /usr/share/gosa/html>
Order Deny,Allow
Deny from all
Allow from all
</Directory>
All directories and files pointed to by these configurations are owned by root:root, and have these permissions:
root@infravs01:~# ls -al /var/www
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 .
drwxr-xr-x 14 root root 1024 2007-08-31 15:35 ..
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 apache2-default
root@infravs01:~# ls -al /var/www/apache2-default/
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 .
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 ..
-rw-r--r-- 1 root root 2205 2005-12-14 13:25 apache_pb22_ani.gif
-rw-r--r-- 1 root root 2410 2005-12-14 13:25 apache_pb22.gif
-rw-r--r-- 1 root root 1502 2005-12-14 13:25 apache_pb22.png
-rw-r--r-- 1 root root 2326 2004-11-20 17:16 apache_pb.gif
-rw-r--r-- 1 root root 1385 2004-11-20 17:16 apache_pb.png
-rw-r--r-- 1 root root 44 2004-11-20 17:16 index.html
root@infravs01:~# l /usr/share/gosa/
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 bin
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 doc
drwxr-xr-x 5 root root 1024 2007-08-31 15:35 html
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 ihtml
drwxr-xr-x 3 root root 3072 2007-08-31 15:35 include
drwxr-xr-x 9 root root 1024 2007-08-31 15:35 locale
drwxr-xr-x 8 root root 1024 2007-08-31 15:35 plugins
From another machine in the network, I point my mozilla browser to:
http://infravs01.integra.com.py/
and i get:
Forbidden
You don't have permission to access / on this server.
Apache/2.2.3 (Debian) PHP/4.4.4-8+etch3 mod_ssl/2.2.3 OpenSSL/0.9.8c Server at infravs01.integra.com.py Port 80
The /var/log/apache2/error.log shows:
[Tue Sep 04 15:05:21 2007] [error] [client 10.0.0.220] (13)Permission denied: access to /doc/ denied
[Tue Sep 04 15:12:35 2007] [error] [client 10.0.0.220] (13)Permission denied: access to / denied
I installed this same version of apache2 in a VMware virtual server. The same apache2.conf and others .conf. Same permissions, etc. And it works. So my guess is that there is something in VZ or my VZ configuration precluding apache2 from working.
I would greatly appreciate any help.
Best regards,
Gustavo.
[Updated on: Fri, 07 September 2007 13:28] Report message to a moderator
|
|
|
|
Re: apache2: access denied [message #16416 is a reply to message #16402] |
Wed, 05 September 2007 16:32 |
ggonzalez
Messages: 18 Registered: July 2007
|
Junior Member |
|
|
I finally found the source of the problem!
Inside the VE, the root directory of the server (/) had 700 as its permissions. I don't know why.
I opened this (chmod 755 /), and everything worked as it should.
I don't recall having set this in the template.
Is this something that vzctl is doing when creating a new VE?
Regards,
Gustavo.
|
|
|