Jump to content
Froxlor Forum
  • 0

.htaccess not accessible by apache...


hk@

Question

Hi
quite similar to https://forum.froxlor.org/index.php?/topic/16806-server-unable-to-read-htaccess-file/#comment-37628

merely out of thin air the error log of a domain reports this:

[Sun Jul 31 15:41:40.701383 2022] [core:crit] [pid 20833:tid 140391919634176] (13)Permission denied: [client x.x.x.x:y] AH00529: /var/customers/webs/user/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/customers/webs/user/' is executable

userdirs usually get created "drwxr-x---" by froxlor. had to change this userdir using "chmod +x" to get "drwxr-x--x" and things worked fine then.
this is a problem that seems to appear if the docroot is another subdirectory and the user places a .htaccess file there, otherwise this seems to be no issue...

a bit strange, but it seems this way.
and yes, the user-group does containt www-data as a member, the system is running ubuntu 20.

finally rebooted the system and changed permissions of the userdir back to 0750.

it seems this issue is somehow related to libnss-extrausers not delivering correctly, yet replication of the problem seems hard.

Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0
20 minutes ago, hk@ said:

userdirs usually get created "drwxr-x---" by froxlor. had to change this userdir using "chmod +x" to get "drwxr-x--x" and things worked fine then.

So it worked before with 0750 - issue occurs, then it only works with 0751? If the webserver user is in the customers group, why would it be necessary to have the folder accessible for OTHERS?

22 minutes ago, hk@ said:

this is a problem that seems to appear if the docroot is another subdirectory and the user places a .htaccess file there, otherwise this seems to be no issue...

but your error message states it wants to check for '/var/customers/webs/user/.htaccess', not some subdirectory

23 minutes ago, hk@ said:

it seems this issue is somehow related to libnss-extrausers not delivering correctly

what message/error makes you conclude that?

This is only debugable if the said error occurs and all permission and owner information (homedir, .htaccess file, userinfo [e.g. 'id user'], libnss-extra files, etc.etc.etc) can be provided.

Link to comment
Share on other sites

  • 0

I'm aware of the strange occurence and if I hadn't had a non-working customer-site I'd have investigated it in more detail.

My conclusion is simply based on the happening: 0750 works, then doesn't work, 0751 works, then after restarting apache and checking the extrausers for oddities it works again with 0750. apache logs clearly it couldn't access the .htaccess (yes in the userdir where no such file exists nor should exist), but it only happened to the one website that had a .htaccess in their docroot while all other sites were working with no issue whatsoever and those do not have a .htaccess in their docroot.

Why it tries to look into the userdir? I don't know.

If we get this error again, we'll hopefully be able to show a simple "groups www-data" that doesn't include the user-group of this or another usere, which it should be a member of which then would in turn point to extrausers for the possible issue.

thx!

Link to comment
Share on other sites

  • 0
11 hours ago, hk@ said:

it couldn't access the .htaccess (yes in the userdir where no such file exists nor should exist) [...]

Why it tries to look into the userdir? I don't know.

That's normal if AllowOverride is used, all directories are being checked for .htaccess - and the check failed because apache could not access the directory

Link to comment
Share on other sites

  • 0

I have noticed the same problem (a while ago too), just noticed it again because i was trying to add a "Verzeichnisschutz" and was getting the forbidden error.

[Wed Dec 21 12:06:34.045799 2022] [core:crit] [pid 844244] (13)Permission denied: [client XX.XX.XX.XX:53253] AH00529: /var/customers/webs/XXXX/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/customers/webs/XXXX/' is executable

There obviously is no /var/customers/webs/XXXX/.htaccess

When i change /var/customers/webs/XXXX/  to 751 i can get the auth prompt just fine, so it seems that its trying to look for .htaccess in the customer docroot but is unable to with 750?!

I dont really get why this relates to the customer root dir and not the Domain Subdir.

I am using fcgi, and the allowoverwrite comes from:

# 05_froxlor_dirfix_nofcgid.conf
# Created 21.12.2022 11:55
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

  <Directory "/var/customers/webs/">
    Require all granted
    AllowOverride All
  </Directory>

so i guess this should be working.

As a side note: the automatically created diroptions for webalizer seem to work fine because i have not seen an error in other customer logs (without Verzeichnisschutz)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...