8

This is what I'm trying to accomplish: creating a symbolic link from var/www/html to a directory in the home (~) folder. The directory I'm trying to symlink to in home (~) is a git repository, if that makes any difference. I have an index.html file in this directory.

I've created a symbolic link to var/www/html on an Amazon EC2 instance using this command: `ln -s ~/dirIWant/ html`. However, this results in the following error when I try to access my webpage: 403 Forbidden "You don't have permission to access / on this server." I'm using Apache.

Has anybody else tried to do something similar and gotten it to work?

Currently, when I go to my website www.blah.com, it shows this 403 error. I've tried to change the permission using `sudo chown -h apache:apache` but it doesn't seem to help. Do you have any other ideas?

Dreen
Apollo
  • 1
    The `apache` user (or equivalent) doesn't have read perms to your home dir. Chmod/chown the target dir to grant permission to the relevant user. BTW you may find a slightly more telling message in `/var/log/httpd/error_log` or wherever your httpd logs its errors. – Frank Farmer Jul 30 '12 at 22:12
  • @FrankFarmer when I attempt to switch to apache user using sudo su apache, I get this message: This account is currently not available. Have you experienced this before? – Apollo Jul 31 '12 at 00:07
  • 1
    Yes. By default, you cannot su apache, as the apache user typically has its shell set to `nologin`. You can change the user's shell to sh in `/etc/passwd` but this is probably generally a Bad Idea. Generally, su-ing to apache should not be necessary, especially if you just want to chown. `sudo chown apache:apache ~/dirIWant/` will suffice in your case, although it'd be wiser to move the directory out of your home dir. – Frank Farmer Jul 31 '12 at 00:59
  • @FrankFarmer I modified your command to be sudo chown -h apache:apache ~mydir and it works. However, when I go to my website, it still shows the 403 error. Do you have any idea why this is?? Thanks again! – Apollo Jul 31 '12 at 02:23
  • @FrankFarmer Like I told Dreen below, the directory I'm trying to symlink to in home (~) is a git repository, if that makes any difference in your response to this question... – Apollo Jul 31 '12 at 02:34
  • You might need to chown the files in the dir as well, e.g. `sudo chown -R apache:apache ~mydir`. Again, tail your apache `error_log` for further detail. – Frank Farmer Jul 31 '12 at 03:39
  • @FrankFarmer didn't work either. How do I access the apache error log? it doesn't look like they're in /var/log/httpd/_error_log...sorry for my noobness here. – Apollo Jul 31 '12 at 03:50
  • your httpd.conf should tell you where your error_log is – Frank Farmer Jul 31 '12 at 07:40
  • @Derek: In Amazon Linux AMI, Apache logs are by default in `/etc/httpd/logs/`. There may be more than one error log file. – Dreen Jul 31 '12 at 10:01

1 Answer

7

This is because Apache runs as the `apache` user and `/var/www/html` is owned by root in the Amazon Linux AMI. You can change ownership/permissions as suggested by Frank, or use userdirs.

It seems to me that you want the webserver's folder to be conveniently accessible from your home directory (~). I wanted something like this on my EC2 and decided to use Per-user web directories (mod_userdir).

This feature lets you keep parts of the HTTP server's space in a directory owned by a user. Each user gets his own directory, located by default in `/home/username/public_html`. The pages, scripts and other files in that directory are accessible to the internet by appending `/~username` to your domain. Additionally, you can change the name of that folder in `httpd.conf` from `public_html` to something else, like `gitRepo`. In that case, if you have an index.html file in `/home/ec2-user/gitRepo/index.html`, it will be accessible to the public via http://ec2-hostname.aws.amazon.com/~ec2-user/index.html and be owned by ec2-user, which is convenient for editing files from user level.

To set this up on EC2 (assuming "gitRepo" for the folder name you want to use), use `nano /etc/httpd/conf/httpd.conf` to open the Apache config file and scroll down until you see `<IfModule mod_userdir.c>`. Then change this section to look like the following:

```apache
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir enabled all

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir gitRepo

</IfModule>
```

Afterwards you should be good to go, but ensure the permissions are set up correctly:

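```sh
# Let Apache traverse the home directory without being able to list it
chmod 711 /home/ec2-user
# Make the served directory readable and searchable
chmod 755 /home/ec2-user/gitRepo
# Keep the files owned by the login user
chown -R ec2-user /home/ec2-user/gitRepo
```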

And finally reload the web server like this:

```sh
sudo service httpd reload
```
Dreen
  • Thanks for the answer. As I asked FrankFarmer, when I attempt to switch users to the apache user so that I can perform sudo chown /myDir, I get the following response: This account is currently not available. Any ideas why? – Apollo Jul 31 '12 at 00:06
  • 1
    Well, you could do a `sudo chown -R ec2-user /var/www/html`, but from your posts it's not really clear what you're trying to accomplish so I'm not sure it will do exactly what you want – Dreen Jul 31 '12 at 00:49
  • this is what I'm trying to accomplish: creating symbolic link from var/www/html to a directory in the home (~) folder. I have an index.html file in the directory in home (~). Currently, when I go to my website www.blah.com, it shows this 403 error. I've tried to change the permission using sudo chown -h apache:apache but it doesn't seem to help. Do you have any other ideas? – Apollo Jul 31 '12 at 02:24
  • the directory I'm trying to symlink to in home (~) is a git repository, if that makes any difference... – Apollo Jul 31 '12 at 02:34
  • Have you tried setting up the mod_userdir? You can change from `public_html` to something else, so if your git repo is in `~/gitRepo/` you can use `UserDir gitRepo` in the configuration. – Dreen Jul 31 '12 at 15:36
  • I haven't tried this yet. Could you explain what mod_userdir is and how that can replace ec2-user? Also, are you saying that in creating public_html this can then link my /var/www/html? Thanks for your help I really appreciate this. – Apollo Jul 31 '12 at 15:41
  • I have rewritten my answer to hopefully better explain how userdirs can help you. – Dreen Jul 31 '12 at 18:45
  • this is great. My only question would be is it possible to make it so I can access this index.html page without the index.html appended to the url? for example: http://ec2-hostname.aws.amazon.com/~ec2-user/index.html – Apollo Jul 31 '12 at 19:01
  • This is a different module, called mod_dir: http://httpd.apache.org/docs/2.2/mod/mod_dir.html Looking at my ec2's httpd.conf, by default it will show `index.html` or `index.html.var` if they're present in the directory. You can add things like `index.php` if you want those loaded by default too. – Dreen Jul 31 '12 at 19:09
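
To find which directory in the chain produces the 403 discussed in this thread, the following added example (not code from any poster) resolves the symlink target and reports the first path whose "other" permission bits stop the web server, and separately flags a `.git` directory the file system would let the server read. It assumes the Apache user is neither owner nor group member of the directories; the function names and the optional `START` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the web server user is neither
# the owner nor in the group of the directories, so only "other" bits matter.

# other_bits PATH -> the three "other" permission characters, e.g. "--x"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# first_blocker DIR [START]
# Resolves symlinks in DIR, then walks from START (default /) down to it.
# Prints the first path the server cannot pass and returns 1; returns 0 if
# every directory is searchable and DIR/index.html (if present) is readable.
first_blocker() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    start=$(cd "${2:-/}" 2>/dev/null && pwd -P) || return 2
    rest=${target#"$start"}
    rest=${rest#/}
    path=${start%/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        path="$path/$part"
        case $(other_bits "$path") in
            ??x|??t) ;;                       # search bit set, keep walking
            *) echo "$path"; return 1 ;;      # e.g. a home directory at 700
        esac
    done
    if [ -f "$target/index.html" ]; then
        case $(other_bits "$target/index.html") in
            r??) ;;
            *) echo "$target/index.html"; return 1 ;;
        esac
    fi
    return 0
}

# git_exposed DIR -> returns 0 if DIR/.git is searchable by "other", i.e. the
# file system alone would let the server hand out repository metadata.
git_exposed() {
    [ -d "$1/.git" ] || return 1
    case $(other_bits "$1/.git") in
        ??x|??t) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run it as `first_blocker /var/www/html` (or against the UserDir folder); an empty result with status 0 means permissions are not the cause and the Apache error log is the next place to look. If `git_exposed` succeeds on the served directory, `chmod -R o-rwx` on its `.git` keeps repository history out of reach of the server while leaving the working files readable.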