Apache User Does Not Exist

apache user does not exist

Your apache runs as the user called "nobody" (Yes nobody is a username).

I have newer seen a linux where the apache user were called apache but you can configure the name in the apache config. Which linux version are you using?

How to resolve chown: invalid user while starting apache server?

In new systems, e.g. ubuntu 20 * LTS, the configuration file is /etc/apache2/envvars

look for APACHE_RUN_USER and APACHE_RUN_GROUP.

Apache Error AH00112 - document root /usr/Users does not exist (on macOS Mojave)

You need to use "/Users/jonathonoates/Sites/php" (with / before Users) for both "Directory" and "DocumentRoot" in your configuration files.

Error message Forbidden You don't have permission to access / on this server

Update October 2016

4 years ago, since this answer is used as a reference by many, and while I learned a lot from security perspective during these years,
I feel I am responsible to clarify some important notes, and I've update my answer accordingly.

The original answer is correct but not safe for some production environments,
in addition I would like to explain some issues that you might fall into while setting up your environment.

If you are looking for a quick solution and SECURITY IS NOT A MATTER, i.e development env, skip and read the original answer instead

Many scenarios can lead to 403 Forbidden:


A. Directory Indexes (from mod_autoindex.c)

When you access a directory and there is no default file found in this directory
AND Apache Options Indexes is not enabled for this directory.

A.1. DirectoryIndex option example

DirectoryIndex index.html default.php welcome.php

A.2. Options Indexes option

If set, Apache will list the directory content if no default file found (from the above option)

If none of the conditions above is satisfied

You will receive a 403 Forbidden

Recommendations

  • You should not allow directory listing unless REALLY needed.
  • Restrict the default index DirectoryIndex to the minimum.
  • If you want to modify, restrict the modification to the needed directory ONLY, for instance, use .htaccess files, or put your modification inside the <Directory /my/directory> directive

B. deny,allow directives (Apache 2.2)

Mentioned by @Radu, @Simon A. Eugster in the comments
You request is denied, blacklisted or whitelisted by those directives.

I will not post a full explanation, but I think some examples may help you understand,
in short remember this rule:

IF MATCHED BY BOTH, THE LAST DIRECTIVE IS THE ONE THAT WILL WIN

Order allow,deny

Deny will win if matched by both directives (even if an allow directive is written after the deny in the conf)

Order deny,allow

allow will win if matched by both directives

Example 1

Order allow,deny
Allow from localhost mydomain.example

Only localhost and *.mydomain.example can access this, all other hosts are denied

Example 2

Order allow,deny
Deny from evil.example
Allow from safe.evil.example # <-- has no effect since this will be evaluated first

All requests are denied, the last line may trick you, but remember that if matched by both the last win rule (here Deny is the last), same as written:

Order allow,deny
Allow from safe.evil.example
Deny from evil.example # <-- will override the previous one

Example 4

Order deny,allow
Allow from site.example
Deny from untrusted.site.example # <-- has no effect since this will be matched by the above `Allow` directive

Requests are accepted from all hosts

Example 4: typical for public sites (allow unless blacklisted)

Order allow,deny
Allow from all
Deny from hacker1.example
Deny from hacker2.example

Example 5: typical for intranet and secure sites (deny unless whitelisted)

Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain

C. Require directive (Apache 2.4)

Apache 2.4 use a new module called mod_authz_host

Require all granted => Allow all requests

Require all denied => Deny all requests

Require host safe.example => Only from safe.example are allowed


D. Files permissions

One thing that most people do it wrong is configuring files permissions,

The GOLDEN RULE is

STARTS WITH NO PERMISSION AND ADD AS PER YOUR NEED

In Linux:

  • Directories should have the Execute permission

  • Files should have the Read permission

  • YES, you are right DO NOT ADD Execute permission for files

for instance, I use this script to setup the folders permissions

# setting permissions for /var/www/mysite.example

# read permission ONLY for the owner
chmod -R /var/www/mysite.example 400

# add execute for folders only
find /var/www/mysite.example -type d -exec chmod -R u+x {} \;

# allow file uploads
chmod -R /var/www/mysite.example/public/uploads u+w

# allow log writing to this folder
chmod -R /var/www/mysite.example/logs/

I posted this code as an example, setup may vary in other situations



Original Answer

I faced the same issue, but I solved it by setting the options directive either in the global directory setting in the httpd.conf or in the specific directory block in httpd-vhosts.conf:

Options Indexes FollowSymLinks Includes ExecCGI

By default, your global directory settings is (httpd.conf line ~188):

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

set the options to:
Options Indexes FollowSymLinks Includes ExecCGI

Finally, it should look like:

<Directory />
    #Options FollowSymLinks
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

Also try changing Order deny,allow and Allow from all lines by Require all granted.

Appendix

Directory Indexes source code (some code remove for brevity)

if (allow_opts & OPT_INDEXES) {
     return index_directory(r, d);
} else {
        const char *index_names = apr_table_get(r->notes, "dir-index-names");

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
                      "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
                      "server-generated directory index forbidden by "
                      "Options directive",
                       r->filename,
                       index_names ? index_names : "none");
        return HTTP_FORBIDDEN;
    }

Site does not exist error for a2ensite

Solved the issue by adding .conf extension to site configuration files.

Apache a2ensite results in:

Error! Site Does Not Exist

Problem; If you found the error while trying to enable a site using:

sudo a2ensite example.com

but it returns:

Error: example.com does not exist

a2ensite is simply a Perl script that only works with filenames ending .conf

Therefore, I have to rename my setting file for example.com to example.com.conf as might be achieved as follows: 

mv /etc/apache2/sites-available/example.com /etc/apache2/sites-available/example.com.conf

Success


Related Topics

Sending Keycode to Xorg + Wine with Bash Script

Fatal: Bad Config File Line 1 in /Home/Trx/.Gitconfig

Qt Version Is Not Properly Installed, Please Run Make Install

Write to a File After Piping Output from Tail -F Through to Grep

Error Marking Master: Timed Out Waiting for the Condition [Kubernetes]

Installing R on Rhel 6

How to Create a File with Any Given Size in Linux

Arial Font Required in PDF (Birt PDF Renderer, Linux)

How to Avoid Stdin Input That Does Not Fit in Buffer Be Sent to the Shell in Linux 64-Bit Intel (X86-64) Assembly

How to Export a Modified Kernel Header

How to Add an User and Re Set the Root User in Yocto

Read File Without Disk Caching in Linux

Looping Through Lines in a File in Bash, Without Using Stdin

How to Make Static Linked Elf File to Load Ld_Preload .So

Vimtutor Arrow Keys V/S Hjkl

What's the Difference Between 'Push' and 'Pushq' in At&T Assembly

How to Get Only Filenames Without Path by Using Grep

Linux Kernel Headers' Organization


Leave a reply



Submit