Apache2: php-cgi / fcgid - Forbidden 403

Apache, Lighttpd, nginx, Cherokee
toto1988
Posts: 33
Joined: 2007-05-22 18:04
Location: Bayern

Apache2: php-cgi / fcgid - Forbidden 403

Post by toto1988 » 2012-03-07 14:39

Hallo Community,

ich wollte von php_mod auf php-cgi umstellen und hat dazu die Pakete installiert und teilweise auch configs nach Vorgaben geändert. Will ich jetzt eine Seite aufrufen erhalte ich einen 403 Fehler.

Forbidden
You don't have permission to access /index.php on this server.


Eingesetzt wird der Apache 2.29 auf Debian 5. Habt ihr mir vielleicht ein paar Tipps woran es liegen könnte.

Danke
toto1988

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by Joe User » 2012-03-07 14:53

Poste bitte die relevanten Abschnitte Deiner Apache-Config und die Ausgabe von:

Code: Select all

ls -alh /path/to/documentroot
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

toto1988
Posts: 33
Joined: 2007-05-22 18:04
Location: Bayern

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by toto1988 » 2012-03-07 15:59

ls -alh /path/to/documentroot

drwxr-xr-x 16 greiner root 4,0K 2. Mär 19:16 .
drwxr-xr-x 7 greiner root 4,0K 7. Mär 11:56 ..
drwxr-xr-x 10 greiner users 4,0K 2. Mär 11:12 administrator
drwxr-xr-x 2 greiner root 4,0K 2. Mär 11:12 cache
drwxr-xr-x 2 greiner users 4,0K 2. Mär 11:12 cli
drwxrwxrwx 13 greiner users 4,0K 2. Mär 11:14 components
-rwxrwxrwx 1 greiner users 2,1K 7. Mär 09:19 configuration.php
-rw-r--r-- 1 greiner users 3,1K 2. Mär 11:01 .htaccess
drwxrwxrwx 4 greiner users 4,0K 3. Mär 16:40 images
drwxr-xr-x 2 greiner users 4,0K 2. Mär 11:14 includes
-rw-r--r-- 1 greiner users 1,3K 2. Mär 11:01 index.php
-rw-r--r-- 1 greiner users 1,8K 2. Mär 11:01 joomla.xml
drwxr-xr-x 5 greiner root 4,0K 2. Mär 19:11 language
drwxrwxrwx 7 greiner users 4,0K 2. Mär 10:55 libraries
-rw-r--r-- 1 greiner users 18K 2. Mär 11:01 LICENSE.txt
drwxr-xr-x 2 greiner root 4,0K 2. Mär 10:55 logs
drwxr-xr-x 14 greiner root 4,0K 2. Mär 10:58 media
drwxrwxrwx 26 greiner users 4,0K 2. Mär 10:59 modules
drwxr-xr-x 13 greiner root 4,0K 2. Mär 11:00 plugins
-rw-r--r-- 1 greiner users 4,2K 2. Mär 11:01 README.txt
-rwxr-xr-x 1 greiner root 865 2. Mär 11:01 robots.txt
drwxrwxrwx 10 greiner users 4,0K 4. Mär 17:15 templates
drwxrwxrwx 10 greiner users 4,0K 7. Mär 10:35 tmp
-rwxr-xr-x 1 greiner root 1,7K 2. Mär 11:01 web.config.txt




httpd.conf
AddType application/x-httpd-php .php .php3 .php4 .php5
AddType application/x-httpd-php-source .phps



apache2.conf

ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 250
MaxRequestsPerChild 5000
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>



# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf


# Include generic snippets of statements
Include /etc/apache2/conf.d/

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/






conf.d\apache.conf

Alias /squirrelmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
Options Indexes FollowSymLinks
<IfModule mod_php4.c>
php_flag register_globals off
</IfModule>
<IfModule mod_php5.c>
php_flag register_globals off
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>

# access to configtest is limited by default to prevent information leak
<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by Joe User » 2012-03-07 16:11

So sollte es im Idealfall laufen:

Code: Select all

chown -R greiner:users /path/to/documentroot
find /path/to/documentroot -type d -print0 | xargs -0 chmod 0750
find /path/to/documentroot -type f -print0 | xargs -0 chmod 0640

Und so im ungünstigsten Fall:

Code: Select all

chown -R greiner:users /path/to/documentroot
find /path/to/documentroot -type d -print0 | xargs -0 chmod 0755
find /path/to/documentroot -type f -print0 | xargs -0 chmod 0644



Wie sieht die Apache-Config für suexec/suphp und mod_fcgid aus?

Ist User "greiner" in Gruppe "www-data" oder User "www-data" in Gruppe "users"?
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

toto1988
Posts: 33
Joined: 2007-05-22 18:04
Location: Bayern

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by toto1988 » 2012-03-07 20:16

Hat leider nichts geholfen :(

Apache config für suexec ist eine gute Frage..........?

Ja, greiner ist in der Gruppe www-data.

vhost


<VirtualHost *:80>
ServerAdmin qwer@web.de
ServerName asdfasdfsdf.de
ServerAlias asdfsadfsadf.de
SuexecUserGroup asdf asdf
AddHandler fcgid-script .php
DocumentRoot "/var/www/qwer/public_html"
DirectoryIndex index.htm index.html index.php
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/qwer/public_html">
Options Indexes MultiViews FollowSymLinks +ExecCGI
FCGIWrapper /var/www/qwer/fcgi/php-fcgi-start .php
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/qwer/logs/error.log
LogLevel warn
CustomLog /var/www/qwer/logs/access.log combined
ServerSignature On
</VirtualHost>



fcgi-start

#!/bin/sh
PHPRC="/var/www/qwer/conf/"
export PHPRC
export TMPDIR=/var/www/qwer/tmp
exec /usr/bin/php5-cgi

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by Joe User » 2012-03-07 20:52

SuexecUserGroup muss identisch mit den Dateiinhabern sein.
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

toto1988
Posts: 33
Joined: 2007-05-22 18:04
Location: Bayern

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by toto1988 » 2012-03-07 21:47

Unter WinSCP steht "Besitzer" www-data -->

SuexecUserGroup www-data www-data

aber immer noch das selbe verhalten :(

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by Joe User » 2012-03-07 22:51

SuexecUserGroup und die Dateirechte bitte auf "greiner users" setzen.
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

toto1988
Posts: 33
Joined: 2007-05-22 18:04
Location: Bayern

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by toto1988 » 2012-03-08 07:23

DocumentRoot (public_html)

drw-r----- 16 greiner users 4,0K 2. Mär 19:16 .
drwxr-xr-x 8 greiner users 4,0K 7. Mär 19:01 ..
drw-r----- 10 greiner users 4,0K 2. Mär 11:12 administrator
drw-r----- 2 greiner users 4,0K 2. Mär 11:12 cache
drw-r----- 2 greiner users 4,0K 2. Mär 11:12 cli
drw-r----- 13 greiner users 4,0K 2. Mär 11:14 components
-rwxrwxrwx 1 greiner users 2,1K 7. Mär 09:19 configuration.php
-rw-r--r-- 1 greiner users 3,1K 2. Mär 11:01 .htaccess
drw-r----- 4 greiner users 4,0K 3. Mär 16:40 images
drw-r----- 2 greiner users 4,0K 2. Mär 11:14 includes
-rw-r--r-- 1 greiner users 1,3K 2. Mär 11:01 index.php
-rw-r--r-- 1 greiner users 1,8K 2. Mär 11:01 joomla.xml
drw-r----- 5 greiner users 4,0K 2. Mär 19:11 language
drw-r----- 7 greiner users 4,0K 2. Mär 10:55 libraries
-rw-r--r-- 1 greiner users 18K 2. Mär 11:01 LICENSE.txt
drw-r----- 2 greiner users 4,0K 2. Mär 10:55 logs
drw-r----- 14 greiner users 4,0K 2. Mär 10:58 media
drw-r----- 26 greiner users 4,0K 2. Mär 10:59 modules
drw-r----- 13 greiner users 4,0K 2. Mär 11:00 plugins
-rw-r--r-- 1 greiner users 4,2K 2. Mär 11:01 README.txt
-rwxr-xr-x 1 greiner users 865 2. Mär 11:01 robots.txt
drw-r----- 10 greiner users 4,0K 4. Mär 17:15 templates
drw-r----- 10 greiner users 4,0K 7. Mär 10:35 tmp
-rwxr-xr-x 1 greiner users 1,7K 2. Mär 11:01 web.config.txt



vhost greiner
<VirtualHost *:80>
ServerAdmin qwer@web.de
ServerName qwer.de
ServerAlias http://www.qwer.de
SuexecUserGroup greiner users
AddHandler fcgid-script .php
DocumentRoot "/var/www/qwer/public_html"
DirectoryIndex index.htm index.html index.php
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/qwer/public_html">
Options Indexes MultiViews FollowSymLinks +ExecCGI
FCGIWrapper /var/www/qwer/fcgi/php-fcgi-start .php
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/qwer/logs/error.log
LogLevel warn
CustomLog /var/www/qwer/logs/access.log combined
ServerSignature On
</VirtualHost>
Last edited by toto1988 on 2012-03-08 07:23, edited 1 time in total.

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Apache2: php-cgi / fcgid - Forbidden 403

Post by Joe User » 2012-03-08 11:25

Funktioniert es denn nach einem Apache-Restart nun?
Was steht im suexec.log?
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.