Baffled by 403

Added by frodo over 5 years ago

Hello,

I certainly must be missing something, although it looks pretty good. The problem is getting 403 with a very simple HTML test page. Version is 1.4.49, system is Linux Mint 18. Lighty runs as user lighttpd.

Passwd has:

lighttpd:x:1001:1001::/var/www/lighttpd:/sbin/nologin

Group has:

lighttpd:x:1001:

Config is in /etc/lighttpd/lighttpd.conf and is:

server.document-root = "/var/www/lighttpd"
server.port = 80
server.username = "lighttpd"
server.groupname = "lighttpd"
server.bind = "127.0.0.1"
server.tag = "lighttpd"
server.errorlog = "/var/log/lighttpd/error.log"

Folder in /var/log/ is:

lighttpd lighttpd 4096 Jul 28 13:24 lighttpd/

/var/www/lighttpd is:

drwxr-xr-x lighttpd lighttpd 4096 Jul 28 14:00 lighttpd/

The file in /var/www/lighttpd/ is:

rw-r--r- lighttpd lighttpd 84 Jul 28 13:29 test.html

And consists of:

cat test.html
<!DOCTYPE html>
<html>
<body>

<h1>Lighttpd Test</h1>

<p>OK !</p>

</body>
</html>

Lighty is launched with user root like this:

lighttpd -D -f /etc/lighttpd/lighttpd.conf

For testing, firefox and wget are used. Firefox returns a 403 Forbidden page. wget returns:

Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2018-07-28 17:23:15 ERROR 403: Forbidden.

Log file shows nothing much:

2018-07-28 17:20:13: (server.c.1423) server started (lighttpd/1.4.49)
2018-07-28 17:23:11: (server.c.937) [note] graceful shutdown started
2018-07-28 17:23:11: (server.c.2016) server stopped by UID = 0 PID = 0

Everything seems to be quite OK as far as perms are concerned, as well as config. What can be wrong? Any help much appreciated.


Replies (4)

RE: Baffled by 403 - Added by gstrauss over 5 years ago

Have you tried to su to user lighttpd and tried to access the file?

Your issue is possibly related to SELinux settings on your filesystem.

https://www.tecmint.com/disable-selinux-temporarily-permanently-in-centos-rhel-fedora/
http://www.linuxpathfinder.com/how-to-disable-selinux-temporarily-or-permanently

RE: Baffled by 403 - Added by frodo over 5 years ago

su to user lighttpd will return:

su lighttpd
This account is currently not available

Since 'nologin' is used:

lighttpd:x:1001:1001::/var/www/lighttpd:/usr/sbin/nologin

I replaced '/usr/sbin/nologin' by '/bin/sh' which is used elsewhere in passwd. Now it's possible to open a shell and cat the test.html. After restarting lighttpd, same 403 error.

The package libselinux1 is installed and that's the only one related to selinux. However it's not running as the commands setenforce and sestatus are not found. The Linux Mint 18 pages mention that SELinux is not enabled by default. The /etc/selinux/ folder has only semanage.conf.

Still baffled. What could it be?

RE: Baffled by 403 - Added by gstrauss over 5 years ago

Are you requesting '/' or '/test.html'? You have not enabled mod_dirlisting or mod_indexfile, so requesting '/' will result in a 403 Forbidden.

Since the error log is not showing anything, you could try strace on the lighttpd process to see what it is doing and which system calls fail.

RE: Baffled by 403 - Added by frodo over 5 years ago

Thanks. Enabling the dir listing allows for having the directory listing served as an index.html file.

dir-listing.activate = "enable"

But still, any access to the test.html now results in a download request instead of showing the test page.

I am not so sure at this point to allow mod_indexfile. I do not think such an option would be needed to serve a simple html file.

Every wget example I have seen is formatted such as:

wget http://localhost/test.html

Since the last slash invokes a directory listing which is forbidden (with reason) in plain lighttpd mode, what would be the format of the request in order to get the test.html displayed without a download? And this goes for firefox too as firefox asks to save the file instead of displaying it.
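
Added example, not part of the thread and not the lighttpd project's own configuration: the config posted above, extended so that a request for '/' is answered from an index file instead of a directory listing and .html files are sent as text/html. It assumes the download prompt comes from the absence of a mimetype.assign mapping, which the thread does not confirm; the index file name and the MIME entries are illustrative.

```conf
# Added example; paths, user and group are the ones posted in the thread.
server.document-root = "/var/www/lighttpd"
server.port          = 80
server.bind          = "127.0.0.1"
server.username      = "lighttpd"
server.groupname     = "lighttpd"
server.tag           = "lighttpd"
server.errorlog      = "/var/log/lighttpd/error.log"

# mod_indexfile: a request for "/" is answered with the first listed file
# that exists in the directory. "index.html" is an assumed name; the
# thread's test page is still requested explicitly as /test.html.
index-file.names = ( "index.html" )

# mod_dirlisting stays off, so a directory without an index file returns
# 403 rather than exposing its contents to every client.
dir-listing.activate = "disable"

# Without a matching entry here lighttpd falls back to
# application/octet-stream, which browsers offer to save instead of render.
mimetype.assign = (
  ".html" => "text/html",
  ".htm"  => "text/html",
  ".css"  => "text/css",
  ".js"   => "text/javascript",
  ".txt"  => "text/plain",
  ".png"  => "image/png",
  ".jpg"  => "image/jpeg"
)

# Optional while troubleshooting: record how each request is handled and
# which files were not found in the error log. Remove once it works.
debug.log-request-handling = "enable"
debug.log-file-not-found   = "enable"
```

The syntax can be checked before starting the server with `lighttpd -tt -f /etc/lighttpd/lighttpd.conf`, and `wget -S` prints the response headers so the Content-Type can be confirmed.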
