I've got Apache set up, and I'm using UserDir to host items from the user accounts. The UserDir is public_html and the permissions are set accordingly. Well, I can't access anything in that folder unless I allow others to enter the users home folder. Every time I change the permissions on the home folder, they last for a little while, then get reset. When the home directory resets, it only allows the user to do anything inside his own home folder. The public_html still works fine once I go back and add the Others:Enter flag to the /home/user folder. Whenever this reset happens, the output from Apache goes from being the page, to a nice 403 Forbidden error. What I'm trying to figure out, is why the user's home directory keeps having it's permissions changed back, and how I can make the public_html stay accessible as the user's web site.

The user is is in these groups: ftp, rpm, ctools, ntools, users, usb, cdrom, floppy, wheel, tty, adm, and his own personal group

Apache version is 1.3.26 and the user is Apache/Apache

Linux distribution is Mandrake 9

Hope you can help, thanks!

I just did the EXACT same thing with apache 1.3.27 this week. it was part of a final project at school

in order for this to work, here's what I did:

because there is no name server, I set the server directive to the system's IP address of 172.16.1.1 (RFC1918). I also added the UserDir Enabled user1, user2, etc and UserDir Disabled root directives..

in the User directories, I created public_html folder and touched .htaccess inside the folder. I then chmod -R g+s public_html

before doing the above, I'd only tried creating the public_html folder and creating the .htaccess file within. I was able to lynx localhost/~username from the server, but couldn't get anything from another computer on the network. after doing the above, I haven't had any problems.

HTH
-jon

I tried doing that, but the user's web page content still goes into a forbidden state. The directory permissions for public_html aren't changing at all though. The user's own home directory keeps having it's permissions changed back so no one else can enter it.

I read that the adm group makes 'sensible folders' have more secure permissions. Could this possibly be the cause of the problem?

The only permission entry for the directory that needs to be turned back on is the others-entry. Unfortunately, this and all the other ones except the permissions for the user himself change back.

hum... is this a pre-compiled version of apache, or did you compile yourself?

so far, the users I've tested were both freshly created and only members of the user group.

I'm using 1.3.27 that I downloaded and compiled from source on a slack 8.1 box. but adding .htaccess to ~ and ~/public_html, chmod'ing g+s public_html, and adding the UserDir Enabled directive to the httpd.conf file seemed to work wonders.

you're restarting apachectl when you make changes to httpd.conf, right?

-jon

I think it is the precompiled version of Apache since it is the one that was installed initially with the system itself.

Are both .htaccess files blank that you created, and is the one in the ~ directory needed?

I really think the problem has something to do with the system more than Apache, since the permissions on the directory keep changing back. I don't think the apache user is able to do this. Also, I am restarting apache, usually just using a reboot to make sure changes take effect. :)

both .htaccess files are blank. all I did was type "touch .htaccess" from the command prompt.

as far as the permissions, have you tried logging on as root or SU'ing to root and applying the permissions? I was able to set mine up as the individual users, but maybe trying as root will make the permissions changes more permanent.

I'm not at home, and my server's offline for the time being. I'll check the permissions on the files/folders when I get home and post those.

-jon

hum... had the same problem on a redhat install. turned out to be the permissions on ~ itself

chmod go+x ~

give that a try

These are the permissions on the home directory itself:
drwxr-x--x 6 root adm 4096 Dec 9 19:39 home/

The home directories reset to look like this:
drwx------ 12 clint clint 4096 Dec 10 23:29 clint/
drwx------ 5 eric eric 4096 Dec 10 22:55 eric/

Setting the permissions to this is the only thing need to get the public_html working for clint, but it still won't work for eric unless i add the same permission on that directory.
drwx-----x 12 clint clint 4096 Dec 10 23:29 clint/
drwx------ 5 eric eric 4096 Dec 10 22:55 eric/

This would be nice and simple if it were the cure for the problem, but I'll change the permissions like above, and then they go and change back all by themselves.

The problem comes down to this one single permission changing somehow, and if I can figure out how, and make it stop changing, everything would be fine. The eric user is only in groups eric, users, ntools, and ctools, so the adm group isn't responsible for the problem.

Any more ideas on what keeps changing it?

is this a standard install of MDK? do you have any tight security settings on the system? any IDS software running? I'm not sure why the directory's permissions would keep defaulting to something.

wish I could be of more help on this one, but I've never seen directory perms change, unless there is a default system policy forcing the change.

-jon

This is pretty much a standard install of it. The security is set to 'higher' though. I'm not sure about the IDS thing, but I don't know of anything like that that I have set up.