More joy with Centos 7.
I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in Centos6 and it is not working.
I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:
alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig </Directory>
And I get when I try fqdn/mailadmin
You don't have permission to access /mailadmin on this server.
When I google this message, I am getting that httpd is not allowing me access. I have even added:
allow from all
To the above .conf with no change.
This is not a SELInux problem as I tried 'setenforce 0' and still get the error.
It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).
Any ideas?
thanks
On Fri, 2017-02-17 at 12:02 -0500, Robert Moskowitz wrote:
More joy with Centos 7.
I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in Centos6 and it is not working.
I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:
alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig
</Directory>
And I get when I try fqdn/mailadmin
You don't have permission to access /mailadmin on this server.
It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).
No, accessing directories outside document root is perfectly acceptable behaviour as far as I can see.
Any ideas?
Just to check, you did restart/reload apache after making the changes?
What do the apache logs say about it? That will tell you if it's a permissions problem or a redirection issue.
P.
On 02/17/2017 12:42 PM, Pete Biggs wrote:
On Fri, 2017-02-17 at 12:02 -0500, Robert Moskowitz wrote:
More joy with Centos 7.
I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in Centos6 and it is not working.
I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:
alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig
</Directory>
And I get when I try fqdn/mailadmin
You don't have permission to access /mailadmin on this server.
It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).
No, accessing directories outside document root is perfectly acceptable behaviour as far as I can see.
Any ideas?
Just to check, you did restart/reload apache after making the changes?
What do the apache logs say about it? That will tell you if it's a permissions problem or a redirection issue.
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
Which is:
4 drwxrwxr-x. 17 root apache 4096 Feb 16 19:33 postfixadmin
I originally had ownership of root:root. Same error.
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from all
to the apache 2.4 version
Require all granted
See http://httpd.apache.org/docs/2.4/upgrading.html
P.
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all granted
Thing is, I don't have an .htaccess file ANYWHERE on this system. I checked.
I'll make one.
My memory may be flawed, but I think the .htaccess is a hidden file just change its properties.
john
On 2/17/2017 1:31 PM, Robert Moskowitz wrote:
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedThing is, I don't have an .htaccess file ANYWHERE on this system. I checked.
I'll make one.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 02/17/2017 02:15 PM, John Plemons wrote:
My memory may be flawed, but I think the .htaccess is a hidden file just change its properties.
Yes, it is hidden, but 'ls -lsa' will show it. And mlocate's updatedb finds them as in:
# locate .bash_history /home/rgm/.bash_history /root/.bash_history
which is another hidden file.
I use locate a lot. 'Where did I put the that write up on xyz?' Locate with grep are my friends.
john
On 2/17/2017 1:31 PM, Robert Moskowitz wrote:
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedThing is, I don't have an .htaccess file ANYWHERE on this system. I checked.
I'll make one.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thing is, I don't have an .htaccess file ANYWHERE on this system. I checked.
If you don't have a .htaccess file, then why have the AllowOverride directive in the .conf file?
Putting AllowOverride in means that every time apache retrieves a file from that directory, *and every directory below*, it will look for a .htaccess file in the current directory, and every directory above (until it reaches the original directory). It doesn't cache the information (because it can change), so it means a significant increase in the amount of disk activity for each page. It also provides another attack surface for naughty people.
So in general if you don't use, or intend to use, .htaccess files, then don't put in the AllowOverride directive.
P.
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all granted
Not there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Robert Moskowitz Sent: Friday, February 17, 2017 1:40 PM To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] Centos 7 httpd Permission problems with Postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedNot there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
Does the conf file that contains the "/usr/share/postfixadmin" alias also contain a Directory block? Something like this:
Alias /postfixadmin /usr/share/postfixadmin
<Directory "/usr/share/postfixadmin">
...stuff here...
</Directory>
Look for the old style "Order Deny,Allow" and "Deny from All" and remove them if it does, and put the "Require all granted" there.
Al McCann
On 02/17/2017 01:52 PM, Albert McCann wrote:
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Robert Moskowitz Sent: Friday, February 17, 2017 1:40 PM To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] Centos 7 httpd Permission problems with Postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedNot there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
Does the conf file that contains the "/usr/share/postfixadmin" alias also contain a Directory block? Something like this:
Alias /postfixadmin /usr/share/postfixadmin
<Directory "/usr/share/postfixadmin">
...stuff here...
</Directory>
Look for the old style "Order Deny,Allow" and "Deny from All" and remove them if it does, and put the "Require all granted" there.
Pingo. I had a 'allow from all' there. Changed it to:
# cat /etc/httpd/conf.d/postfixadmin.conf alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig # allow from all Require all granted </Directory>
and it works.
THANKS.
Going to have to seriously read that upgrading page...
Changed it to:
# cat /etc/httpd/conf.d/postfixadmin.conf alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig # allow from all Require all granted
</Directory>
Yes, all directories need to have 'Require all granted' on them somewhere - if you look in /etc/httpd/conf/httpd.conf there is the definition of the default document root and in that it has the Require line - that is inherited by all subdirectories so you don't need to explicitly state it. But if you use a directory outside document root, then you need to put it into the definition.
And again if you don't intend to use .htaccess files, then remove the AllowOverride line.
P.
Robert Moskowitz wrote:
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedNot there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
Do you have an authz.conf file?
mark
On 02/17/2017 01:56 PM, m.roth@5-cent.us wrote:
Robert Moskowitz wrote:
On 02/17/2017 01:11 PM, Pete Biggs wrote:
From error.log:
[Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client 192.168.160.12:48290] AH01630: client denied by server configuration: /usr/share/postfixadmin
So it's an authorisation issue. In your .htaccess file change
Order allow,deny Allow from allto the apache 2.4 version
Require all grantedNot there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
Do you have an authz.conf file?
No authz.conf anywhere on the system. Thanks for the advice, but I got it now.
Not there still. In /var/www/html I created .htaccess:
# ls -lstra total 12 4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 .. 4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 . 4 -rw-r--r--. 1 root apache 21 Feb 17 13:32 .htaccess
# cat .htaccess Require all granted
restarted httpd, and still get the error.
[Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client 192.168.160.12:48370] AH01630: client denied by server configuration: /usr/share/postfixadmin
That's not how the .htaccess file works. It needs to be in the directory specified in the postfixadmin.conf file - i.e. the configuration
<Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig </Directory>
means to look in the .htaccess file in /usr/share/postfixadmin when accessing any file in that directory (and below) for authorisation information.
Putting it in /var/www/html will have no effect.
P.
On Feb 17, 2017 12:03 PM, "Robert Moskowitz" rgm@htt-consult.com wrote:
More joy with Centos 7.
I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in Centos6 and it is not working.
I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:
alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig </Directory>
I
What is the setting "allowoveride"? What does it mean?
And I get when I try fqdn/mailadmin
You don't have permission to access /mailadmin on this server.
When I google this message, I am getting that httpd is not allowing me access. I have even added:
allow from all
To the above .conf with no change.
This is not a SELInux problem as I tried 'setenforce 0' and still get the error.
It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).
Any ideas?
thanks
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
What is the setting "allowoveride"? What does it mean?
It tells apache to obey .htaccess files in the document directory - in other words it "allows" the .htaccess file to "override" the configured parameters. The arguments to it say what subset of commands can be overridden - AuthConfig allows authorisation configuration.
P.
On 02/17/2017 12:42 PM, Istimsak Abdulbasir wrote:
On Feb 17, 2017 12:03 PM, "Robert Moskowitz" rgm@htt-consult.com wrote:
More joy with Centos 7.
I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in Centos6 and it is not working.
I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:
alias /mailadmin /usr/share/postfixadmin <Directory "/usr/share/postfixadmin"> AllowOverride AuthConfig
</Directory>
I
What is the setting "allowoveride"? What does it mean?
https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
This has been in the default postfixadmin.conf for many years.
And I get when I try fqdn/mailadmin
You don't have permission to access /mailadmin on this server.
When I google this message, I am getting that httpd is not allowing me access. I have even added:
allow from all
To the above .conf with no change.
This is not a SELInux problem as I tried 'setenforce 0' and still get the error.
It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).
Any ideas?
thanks
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Albert McCann -
Istimsak Abdulbasir -
John Plemons -
m.roth@5-cent.us -
Pete Biggs -
Robert Moskowitz