On 12/27/2016 11:48 AM, Leonard den Ottolander wrote:
Hello Robert,
On Tue, 2016-12-27 at 10:25 -0500, Robert Moskowitz wrote:
I can display the /home/rgm/public_html/index.html file that only has "Hello World' in it (to prevent anyone from walking my file tree from the root).
To prevent people walking a directory structure you better disable Options Indexes.
If I tell someone about ~rgm/mydir (really no such dir), then I want them to find ~rgm/mydir/subdir, but not know about ~rgm/otherdir.
My understanding (most likely flawed) is that Indexes are needed to see the list of files in mydir, and to be able to walk down to subdir. By having a ~rgm/index.html file, they can't query what other files are directly in the public_html directory.
But when I try to display the files in a subdir with ipaddr/~rgm/mydir
I get
You don't have permission to access /~rgm/mydir/ on this server.
The fact that you see the index page makes me assume SELinux is not the problem. If you do have it enabled you might want to check out the sebooleans that affect apache.
$ getsebool -a | grep http
httpd_enable_homedirs is one of those.
I ran
setsebool -P httpd_enable_homedirs on restorecon -Rv /home
And I see:
httpd_enable_homedirs --> on
Remember that file access is based on file permissions in combination with file ownership. This means that if apache is neither owner nor group owner of a file world must have read access for apache to access such files. A 711 permission on a directory is then insufficient. It allows apache to cd to, but not read the directory.
the owner is rgm:rgm, but the permissions is 755, not 711.
So still scratching my head here..