On 12/27/2016 11:48 AM, Leonard den Ottolander wrote: > Hello Robert, > > On Tue, 2016-12-27 at 10:25 -0500, Robert Moskowitz wrote: >> I can display the /home/rgm/public_html/index.html file that only has >> "Hello World' in it (to prevent anyone from walking my file tree from >> the root). > To prevent people walking a directory structure you better disable > Options Indexes. If I tell someone about ~rgm/mydir (really no such dir), then I want them to find ~rgm/mydir/subdir, but not know about ~rgm/otherdir. My understanding (most likely flawed) is that Indexes are needed to see the list of files in mydir, and to be able to walk down to subdir. By having a ~rgm/index.html file, they can't query what other files are directly in the public_html directory. > >> But when I try to display the files in a subdir with ipaddr/~rgm/mydir >> >> I get >> >> You don't have permission to access /~rgm/mydir/ on this server. > The fact that you see the index page makes me assume SELinux is not the > problem. If you do have it enabled you might want to check out the > sebooleans that affect apache. > > $ getsebool -a | grep http > > httpd_enable_homedirs is one of those. I ran setsebool -P httpd_enable_homedirs on restorecon -Rv /home And I see: httpd_enable_homedirs --> on > Remember that file access is based on file permissions in combination > with file ownership. This means that if apache is neither owner nor > group owner of a file world must have read access for apache to access > such files. A 711 permission on a directory is then insufficient. It > allows apache to cd to, but not read the directory. the owner is rgm:rgm, but the permissions is 755, not 711. So still scratching my head here..