Apache [forbidden 403]錯(cuò)誤的解決辦法

1、常規(guī)的配置： 
添加用戶web: 
adduser web            
  
passwd  web

在web用戶目錄下建立public_html目錄，并將權(quán)限設(shè)置為755: 
mkdir public_html 
chmod 755 public_html -R

修改/etc/http/httpd.conf: 
# 
# UserDir: The name of the directory that is appended onto a user's home 
# directory if a ~user request is received. 
# 
# The path to the end user account 'public_html' directory must be 
# accessible to the webserver userid.  This usually means that ~userid 
# must have permissions of 711, ~userid/public_html must have permissions 
# of 755, and documents contained therein must be world-readable. 
# Otherwise, the client will only receive a "403 Forbidden" message. 
# 
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden 
# 
<IfModule mod_userdir.c> 
    # 
    # UserDir is disabled by default since it can confirm the presence 
    # of a username on the system (depending on home directory 
    # permissions). 
    # 
    #UserDir disable 
    # 
    # To enable requests to /~user/ to serve the user's public_html 
    # directory, remove the "UserDir disable" line above, and uncomment 
    # the following line instead: 
    # 
    UserDir public_html 
</IfModule>

2、測(cè)試、問題出現(xiàn)： 
http://127.0.0.1/~web 
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

Forbidden 
You don't have permission to access /~web on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

--------------------------------------------------------------------------------

Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80 
 

一般出現(xiàn)這個(gè)問題，直觀地會(huì)想到的目錄的存取權(quán)限問題，查了很久，調(diào)了很久也沒有解決問題。其間曾想到是否Selinux的問題，進(jìn)去看了一圈，沒有發(fā)現(xiàn)什么要改的地方。（后來的事實(shí)證明，有時(shí)候直覺是很準(zhǔn)的，能否找到答案，區(qū)別往往是：是否在直覺上走的更深入）。

3、問題的解決 
用Google以Apache 403搜了好一會(huì)，終于在一個(gè)博客里看到，作者遇到和我完全相同的問題：Apache、目錄的配置都沒問題，但就是不能顯示頁面。而解決方法恰恰就是修改Selinux對(duì)public_html的訪問控制。 
用以下命令修改文件夾安全屬性 
chcon -R -t httpd_user_content_t public_html/ 

4、關(guān)聯(lián)知識(shí)的總結(jié)：

Fedora Core 5 SELinux FAQ 
http://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-public_html Q:  How do I make a user public_html directory work under SELinux?  
  
A: This process presumes that you have enabled user public HTML directories in your Apache configuration file, /etc/httpd/conf/httpd.conf. This process only covers serving static Web content. For more information about Apache HTTP and SELinux, refer to http://fedora.redhat.com/docs/selinux-apache-fc3/. 

If you do not already have a ~/public_html directory, create it and populate it with the files and folders to be served. 

cd ~mkdir public_htmlcp /path/to/content ~/public_html

At this point, httpd is configured to serve the contents, but you still receive a 403 forbidden error. This is because httpd is not allowed to read the security type for the directory and files as they are created in the user's home directory. Change the security context of the folder and its contents recursively using the -R option: 

ls -Z -d public_html/drwxrwxr-x  auser    auser    user_u:object_r:user_home_t      public_htmlchcon -R -t httpd_user_content_t public_html/ls -Z -d public_html/drwxrwxr-x  auser    auser    user_u:object_r:httpd_user_content_t public_html/ls -Z public_html/-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t bar.html-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t baz.html-rw-rw-r--  auser    auser    user_u:object_r:httpd_user_content_t foo.html

You may notice at a later date that the user field, set here to user_u, is changed to system_u. This does not affect how the targeted policy works. The field that matters is the type field. 

服務(wù)器租用/服務(wù)器托管中國(guó)五強(qiáng)！虛擬主機(jī)域名注冊(cè)頂級(jí)提供商！15年品質(zhì)保障！--億恩科技[ENKJ.COM]