3

I installed lighttpd on Debian Jessie for serving static files. I have a USB drive mounted at /media/storage, with /media/storage/www as my document root, and my lighttpd.conf looks like this:

server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
#       "mod_rewrite",
)

server.document-root        = "/media/storage/www/"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80


index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

I want to be able to edit the website with my normal user "jurre". So I did "sudo chown jurre:www-data /media/storage/www" and "sudo chmod 740 /media/storage/www" (so I can read, write and execute files, but the web server can only read). Of course I logged out and back in again and then restarted lighttpd after this. I added a simple index.html with "Hello World!" to test the setup, but I keep getting a 403 forbidden error when surfing to

ls -l in /media/storage/www :

total 8
-rw-r--r-- 1 jurre www-data 58 May 16 16:43 index.html

I have also checked the lighttpd error log, but it only shows when the web server was shut down and started again; there are no errors whatsoever in the log.

Superpelican

3 Answers

3

Another frequent issue is an active SELinux on the machine.

Even with correct permissions on the directory tree, you will still get a 403 if the directory wasn't registered in SELinux.

chcon -R -h -t httpd_sys_content_t /absolute/path

will fix this.

Andrew Schulman
2

You can't access your www folder because the www-data user only has the 4 right (user:group jurre:www-data and rights 740), which means no execute right on the www folder, only read (read folder name and attributes).

You need the execute right on the folder, because executing a folder means opening it (to list files or to enter it). You can do this with your own user jurre (right 7), but www-data does not have the execute bit set.

Change your rights on this folder to 750 and try again.

philippe
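
The traversal rule discussed in this answer and the least-privilege point in the comment further down can be checked mechanically. This is an added example, not part of the original answers: a Python sketch that walks the path to a document root and reports, from the mode bits alone, where a given user lacks search permission, lacks read permission, or holds write permission. The function names and the `start` parameter are assumptions of this example; ACLs, root's bypass and SELinux labels are not modelled.

```python
import os
import stat

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to uid/gids: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def check_docroot(path, uid, gids, start="/"):
    """Walk from start down to path and return a list of (finding, path) tuples."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    current, chain = start, [start]
    for part in os.path.relpath(path, start).split(os.sep):
        if part != ".":
            current = os.path.join(current, part)
            chain.append(current)
    findings = []
    for p in chain:
        st = os.stat(p)
        bits = class_bits(st, uid, gids)
        if stat.S_ISDIR(st.st_mode):
            if not bits & 1:            # no x on a directory: cannot enter it
                findings.append(("no-search", p))
                break                   # nothing below this point is reachable
        elif not bits & 4:              # files need r to be served
            findings.append(("no-read", p))
        if bits & 2:                    # write is more than a static server needs
            findings.append(("server-writable", p))
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Usage (arguments are examples): script.py /media/storage/www/index.html www-data
    target, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    for kind, where in check_docroot(target, pw.pw_uid, groups):
        print(f"{kind}: {where}")
```

An empty result means the mode bits allow the user to reach and read the target without any write access along the way.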
0

Superpelican,

Further to the comment above, you may want to try "sudo chown -R www-data:www-data * " or "sudo chown -R www-data:www-data /media/storage/www/* " on that folder or its subfolders from within /media/storage/www. This way the web server owns the folders and files within, not you as a user.

As far as chmod goes, also try it with something like "sudo chmod -R 755 /media/storage/www/* ", or worst case "chmod -R 775". There are different levels of file security between the web server and the physical OS itself. The chown/chmod are more at the OS level, and will affect obtaining files and web pages on the server too.

Hope this helps a bit.. Cheers..

  • 2
    ``chown -R www-data:www-data`` is bad practice, as it gives full control to the user ``www-data``, which does not need write privileges. Furthermore, ``sudo chown -R www-data:www-data /media/storage/www/*`` would not have solved the issue, as only files and folders **after** ``/media/storage/www`` would have been affected, and **not** ``/media/storage/www`` itself. 775 rights is again bad practice, as other world does not need any read/exec access, and ``www-data`` does not need to erase/move the ``www`` folder. 710 would have been sufficient. – philippe May 16 '15 at 17:41