On Fri, Mar 07, 2025 at 11:10:48AM -0800, Van Snyder wrote: > I have two computers, both running Debian 12.5 with kernel 6.1.0-31- > amd64 > > Both are running Apache/2.4.62 (Debian), Server built: 2024-10- > 04T15:21:08 > > Both machines show one "/usr/sbin/apache2 -k start" process owned by > root and three owned by www-data.
This seems normal: the root process is the one started first, and its only job is to fork "workers": those change user to www-data before they do anything else. > Both have web pages in /opt/www, not /var/www, so they don't disappear > when I re-install. They shouldn't, but I don't know how you "re-install", so I'll shut up. If you take into account the new dir in your web server configs, this shouldn't be a problem. > Their /etc/apache2/apache2.conf files are identical. The only changes > from the default one are > > # <Directory /var/www/> > # Options Indexes FollowSymLinks > # AllowOverride None > # Require all granted > # </Directory> > > <Directory /opt/www/> > Options Indexes FollowSymLinks > AllowOverride None > Require all granted > </Directory> Somewhere there should be a DocumentRoot which you might want to adjust accordingly. > My uname "vsnyder" is in the same places in /etc/group* on both > machines, in particular on the "adm" line (and lpadmin as well). This should be irrelevant. > My uid and default gid are the same on both machines. Same. > In /opt/www on both machines, all of the files and directories are > owned by vsnyder:adm This is not very typical. In any case, the web server, running as www-data, should have read access to those files. If you want to keep the ownerships as above (why?), you should make them world readable (you haven't shown us the permissions, BTW, only the ownerships). Depending on the application running under the web server (PHP? What else?) www-data might want to have write access to same file. > In /opt/www on both machines, the directories' modes are all 755, and > the files' modes are all 644. Ah -- so www-data should have read (the third 4 is r--, that's for "others") access to the files. Good. > Web pages display on one, but not the other. > /var/log/apache2/access.log and /var/log/apache2/error.log show 403 > errors on GET lines. Check the read permissions on the directories "above", i.e. /, /opt/ and /opt/www/. AFAIR the web server needs read access along the full path (I don't think it needs "list", aka "execute" access). Cheers -- t
signature.asc
Description: PGP signature
