CentOS 7 Httpd Permission Problems With Postfixadmin

Home » CentOS » CentOS 7 Httpd Permission Problems With Postfixadmin
CentOS 15 Comments

More joy with CentOS 7.

I am having permission problems with Postfixadmin. I am installing as I have in my notes I did in CentOS6 and it is not working.

I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:

alias /mailadmin /usr/share/postfixadmin

AllowOverride AuthConfig

And I get when I try fqdn/mailadmin

You don’t have permission to access /mailadmin on this server.

When I google this message, I am getting that httpd is not allowing me access. I have even added:

allow from all

To the above .conf with no change.

This is not a SELInux problem as I tried ‘setenforce 0’ and still get the error.

It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).

Any ideas?

thanks

15 thoughts on - CentOS 7 Httpd Permission Problems With Postfixadmin

  • More joy with CentOS 7.

    I am having permission problems with Postfixadmin. I am installing as I
    have in my notes I did in CentOS6 and it is not working.

    I untar Postfixadmin into /usr/share. The owner is root:root (I even tried root:apache). My postfixadmin.conf file has:

    alias /mailadmin /usr/share/postfixadmin

    AllowOverride AuthConfig

    I

    What is the setting “allowoveride”? What does it mean?

    And I get when I try fqdn/mailadmin

    You don’t have permission to access /mailadmin on this server.

    When I google this message, I am getting that httpd is not allowing me access. I have even added:

    allow from all

    To the above .conf with no change.

    This is not a SELInux problem as I tried ‘setenforce 0’ and still get the error.

    It is as if there is some new security setting in httpd for files not in the www dir (default of /var/www/).

    Any ideas?

    thanks

  • No, accessing directories outside document root is perfectly acceptable behaviour as far as I can see.

    Just to check, you did restart/reload apache after making the changes?

    What do the apache logs say about it? That will tell you if it’s a permissions problem or a redirection issue.

    P.

  • It tells apache to obey .htaccess files in the document directory – in other words it “allows” the .htaccess file to “override” the configured parameters. The arguments to it say what subset of commands can be overridden – AuthConfig allows authorisation configuration.

    P.

  • From error.log:

    [Fri Feb 17 12:56:33.478024 2017] [authz_core:error] [pid 5759] [client
    192.168.160.12:48290] AH01630: client denied by server configuration:
    /usr/share/postfixadmin

    Which is:

    4 drwxrwxr-x. 17 root apache 4096 Feb 16 19:33 postfixadmin

    I originally had ownership of root:root. Same error.

  • Not there still. In /var/www/html I created .htaccess:

    # ls -lstra total 12
    4 drwxr-xr-x. 4 root root 4096 Feb 6 16:06 ..
    4 drwxr-xr-x. 2 root root 4096 Feb 17 13:32 .
    4 -rw-r–r–. 1 root apache 21 Feb 17 13:32 .htaccess

    # cat .htaccess
    Require all granted

    restarted httpd, and still get the error.

    [Fri Feb 17 13:36:17.366525 2017] [authz_core:error] [pid 5844] [client
    192.168.160.12:48370] AH01630: client denied by server configuration:
    /usr/share/postfixadmin

  • Does the conf file that contains the “/usr/share/postfixadmin” alias also contain a Directory block? Something like this:

    Alias /postfixadmin /usr/share/postfixadmin

    …stuff here…

    Look for the old style “Order Deny,Allow” and “Deny from All” and remove them if it does, and put the “Require all granted” there.

    Al McCann

  • Yes, it is hidden, but ‘ls -lsa’ will show it. And mlocate’s updatedb finds them as in:

    # locate .bash_history
    /home/rgm/.bash_history
    /root/.bash_history

    which is another hidden file.

    I use locate a lot. ‘Where did I put the that write up on xyz?’ Locate with grep are my friends.

  • That’s not how the .htaccess file works. It needs to be in the directory specified in the postfixadmin.conf file – i.e. the configuration


             AllowOverride AuthConfig

    means to look in the .htaccess file in /usr/share/postfixadmin when accessing any file in that directory (and below) for authorisation information.

    Putting it in /var/www/html will have no effect.

    P.

  • If you don’t have a .htaccess file, then why have the AllowOverride directive in the .conf file?

    Putting AllowOverride in means that every time apache retrieves a file from that directory, *and every directory below*, it will look for a
    .htaccess file in the current directory, and every directory above
    (until it reaches the original directory). It doesn’t cache the information (because it can change), so it means a significant increase in the amount of disk activity for each page. It also provides another attack surface for naughty people.

    So in general if you don’t use, or intend to use, .htaccess files, then don’t put in the AllowOverride directive.

    P.

LEAVE A COMMENT