kstm-su / ictsc_2020_yrfw_pre

Cannot view the web page #3

Closed arsley closed 3 years ago

arsley commented 3 years ago

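Overview

After changing Apache's DocumentRoot from /var/www/html to /home/user/html, running $ curl http://127.0.0.1/home.html returns a 403 error and the page cannot be accessed.

Constraints

DocumentRoot must not be changed.
The user that Apache runs as must not be changed.
/etc/selinux/config must not be changed.

Initial state

Running $ curl http://127.0.0.1/home.html on the web server returns a 403 error.

End state

Running $ curl http://127.0.0.1/home.html on the web server returns the page.
The problem stays resolved after a reboot.
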
hirominn commented 3 years ago

As a first step, restarted Apache -> not resolved

hirominn commented 3 years ago

[user@web-server ~]$ ls -l /home/user/html/home.html
-rw-r--r--. 1 user user 201 Sep 12 20:54 /home/user/html/home.html
[user@web-server ~]$ ls -l /home/user/html
-rw-r--r--. 1 user user 201 Sep 12 20:54 home.html

hirominn commented 3 years ago

[user@web-server ~]$ ls -ld /
dr-xr-xr-x. 18 root root 4096 Oct 2 19:44 /
[user@web-server ~]$ ls -ld /home/
drwxr-xr-x. 4 root root 4096 Jul 10 01:51 /home/
[user@web-server ~]$ ls -ld /home/user/
drwx------. 3 user user 4096 Oct 8 15:49 /home/user/

hirominn commented 3 years ago

[user@web-server ~]$ chmod o+x /home/user/
[user@web-server ~]$ ls -ld /home/user/
drwx-----x. 3 user user 4096 Oct 8 15:49 /home/user/

hirominn commented 3 years ago
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/home/user/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>
hirominn commented 3 years ago

[user@web-server ~]$ ls -ld /
dr-xr-xr-x. 18 root root 4096 Oct 2 19:44 /
[user@web-server ~]$ ls -ld /home/
drwxr-xr-x. 4 root root 4096 Jul 10 01:51 /home/
[user@web-server ~]$ ls -ld /home/user/
drwx---r-x. 3 user user 4096 Oct 31 15:37 /home/user/
[user@web-server ~]$ ls -ld /home/user/html/
drwxr-xr-x. 2 user user 4096 Oct 8 15:49 /home/user/html/
[user@web-server ~]$ ls -ld /home/user/html/home.html
-rw-r--r-x. 1 user user 201 Sep 12 20:54 /home/user/html/home.html

hirominn commented 3 years ago

Edited the permissions to the above -> 403 Forbidden

arsley commented 3 years ago

From /var/log/error_log:

[Sat Oct 31 16:05:10.597025 2020] [authz_core:error] [pid 18219] [client 127.0.0.1:32982] AH01630: client denied by server configuration: /home/user/html/home.html

hirominn commented 3 years ago

[user@web-server ~]$ cat /etc/httpd/conf/httpd.conf

DocumentRoot "/home/user/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

<Directory "/home/user/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

So, added the settings for "/home/user/html" and ran curl:

[Sat Oct 31 16:34:16.264630 2020] [core:error] [pid 18526] (13)Permission denied: [client 127.0.0.1:32988] AH00132: file permissions deny server access: /home/user/html/home.html

The error message changed.

hirominn commented 3 years ago
[user@web-server ~]$ ls -ld --context /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
[user@web-server ~]$ ls -ld --context /home/user/html/
drwxr-xr-x. user user system_u:object_r:user_home_t:s0 /home/user/html/

Does the label need to be changed?

hirominn commented 3 years ago
[user@web-server ~]$ sudo chcon system_u:object_r:httpd_sys_content_t:s0 /home/user/html -R
[sudo] password for user: 
[user@web-server ~]$ ls -ld --context /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
hirominn commented 3 years ago
[user@web-server ~]$ curl http://127.0.0.1/home.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>Apache Server</title>
</head>
<body>
<div style="text-align: center;">
<h1> Successful Access To Apache Server</h1>
</div>
</body>
</html>
hirominn commented 3 years ago

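Thank you for your continued support; this is yrfw. We judged that the cause of this problem was the access permission settings for the document root, and made the following changes.

  1. Granted execute permission on each directory from the root directory down to the document root
  2. In /etc/httpd/conf/httpd.conf, rewrote the directory in the Directory tag to the new document root
  3. Assigned the httpd_sys_content_t label in the SELinux context of the document root

With the above changes, the page can now be accessed normally. Thank you for your consideration.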
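
The filesystem-level checks from this thread collected into one script, as an added example that is not part of the original issue: it walks from the target up to /, checks the "other" execute bit on each directory, and compares the target's SELinux type with httpd_sys_content_t. audit_docroot is a hypothetical helper name; it assumes GNU stat and that the httpd user is neither owner nor group of the path.

```shell
#!/bin/sh
# Added example (not from the thread): audit a document root for the two
# filesystem-level causes of the 403 seen above. Assumes GNU stat, and that
# the httpd user is neither owner nor group of the path ("other" bits apply).

# audit_docroot ABS_PATH [EXPECTED_TYPE]
# Walks from ABS_PATH up to / and prints: verdict<TAB>mode<TAB>context<TAB>path
# Returns 0 if every directory has o+x, a file target has o+r, and (when an
# SELinux context is readable) ABS_PATH carries EXPECTED_TYPE.
audit_docroot() {
    case $1 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    p=$1 want=${2:-httpd_sys_content_t} rc=0
    while :; do
        mode=$(stat -c %A "$p") || return 2
        ctx=$(stat -c %C "$p" 2>/dev/null) || :
        # Anything that is not user:role:type[:level] means "no context".
        case $ctx in *:*:*) ;; *) ctx=- ;; esac
        verdict=ok
        if [ -d "$p" ]; then
            # Traversal needs the execute bit for other (x, or t with sticky).
            case $mode in *[xt]) ;; *) verdict="missing o+x" ;; esac
        else
            # Serving a file needs the read bit for other.
            case $mode in ???????r??) ;; *) verdict="missing o+r" ;; esac
        fi
        # Check the SELinux type (3rd context field) on the target only;
        # ancestors such as /home legitimately carry other types.
        if [ "$p" = "$1" ] && [ "$ctx" != - ]; then
            setype=$(printf '%s' "$ctx" | cut -d: -f3)
            [ "$setype" = "$want" ] || verdict="$verdict; type $setype, want $want"
        fi
        [ "$verdict" = ok ] || rc=1
        printf '%s\t%s\t%s\t%s\n' "$verdict" "$mode" "$ctx" "$p"
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: ./audit_docroot.sh /home/user/html/home.html
if [ "$#" -gt 0 ]; then audit_docroot "$@"; fi
```

Since the end state has to hold after a reboot, note that a label set with chcon is lost if the filesystem is relabeled or restorecon is run on the path. Recording the type as a file-context rule with semanage fcontext -a -t httpd_sys_content_t "/home/user/html(/.*)?" and applying it with restorecon -Rv /home/user/html keeps the label durable.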