|
Graham Dumpleton
graham.dumpleton at gmail.com
Thu Dec 20 23:46:32 EST 2007
On 21/12/2007, Charles Perreault <muganor at videotron.ca> wrote: > ~$: ls -las /home/user/public_html/ > 8 drwx--x--x 7 user user 4096 2007-12-20 21:58 . > 64 drwx--x--x 71 user user 49152 2007-12-20 23:01 .. > 8 drwx--x--x 5 user user 4096 2007-12-16 22:04 cgi-bin > 0 drwxr-xr-x 2 user user 1 2007-12-16 11:24 download > 4 -rw-r--r-- 1 user user 1150 2007-11-06 20:45 favicon.ico > 4 -rw-r--r-- 1 user user 66 2007-12-16 22:29 test.psp > 4 -rw-r--r-- 1 user user 401 2007-12-16 00:31 index.html > 4 -rw-r--r-- 1 user user 106 2007-12-17 16:16 komodo.html > 4 -rw-r--r-- 1 user user 206 2007-12-16 23:57 komodo.py > 4 -rw-r--r-- 1 user user 134 2007-12-16 23:23 mptest.py > 4 drwx--x--x 5 user user 72 2007-12-17 16:24 noel > 8 drwx--x--x 10 user user 4096 2007-12-16 01:01 photos > 0 drwx------ 4 user user 16 2007-11-26 21:56 upload > > Yes Apache is running as user and group 'www-data'. I know about file > permissions and ACL a lot. The complaint in error.log is about Apache > Multiviews, which I don't care if it doesn't work. In fact I'm thinking > about disabling it. You say Apache needs reading option on directories, > which from my experience is only true IF you want it to be able to > create a directory listing (which is a minor security issue and must be > enabled on a per-directory basis). True, although looks like MultiViews may depend on getting directory listing as well and thus the error. > Else, indeed files need reading > permissions and folders only need execute. Does mod_python .psp_ > debugging rely on Multiview and therefore on folder reading permissions ??? No, doesn't require MultiViews so safe to disable that option. Can't see how it would make a difference though. Can't think of anything else at the moment and don't have access to mod_python code to look at it. BTW, as far as teaching a class, any reason why you didn't go for web stuff that works to WSGI interface rather than mod_python? WSGI is the way Python is heading and way more hosting options available for it. > Charles > > > > Graham Dumpleton wrote: > > What do you get if you run: > > > > ls -las /home/user/public_html/ > > > > Apache complaining about directory permissions is pretty significant. > > Because Apache is running as a special user, it must have read/search > > access to that directory plus the parent user directory. > > > > It is odd though that you would get this complaint if straight .psp > > file is working. > > > > Graham > > > > On 21/12/2007, Charles Perreault <muganor at videotron.ca> wrote: > > > >> The Apache access/error log don't say much : > >> > >> access.log : > >> 127.0.0.1 - - [20/Dec/2007:21:59:48 -0500] "GET /~user/test.psp_ > >> HTTP/1.1" 403 326 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; > >> rv:1.8.1.10) Gecko/20071128 Ubuntu/8.04 (hardy) Firefox/2.0.0.10" > >> > >> error.log : > >> [Thu Dec 20 21:59:48 2007] [error] [client 127.0.0.1] (13)Permission > >> denied: cannot read directory for multi: /home/user/public_html/ > >> > >> The same lines are repeated for each access to test.psp_. > >> > >> Thank you, > >> > >> Charles > >> > >> > >> Graham Dumpleton wrote: > >> > >>> In the Apache access/error log, what is it saying when trying to > >>> access the .psp_ file? > >>> > >>> There should be an indication as to what Apache has matched the URL to > >>> in the file system. With that can tell why configuration may not be > >>> working. > >>> > >>> Graham > >>> > >>> On 21/12/2007, Charles Perreault <muganor at videotron.ca> wrote: > >>> > >>> > >>>> Hello, > >>>> > >>>> I'm teaching a class on web applications and I want my students to use > >>>> mod_python. They'll have a couple of assignments during the semester, all > >>>> to be done in python cgi (first assignment, just to get started) and psp. > >>>> I'm now setuping Apache on our Ubuntu 7.10 server (Apache/2.2.4 (Ubuntu) > >>>> mod_python/3.3.1 Python/2.5.1 Server). All configuration have to be done on > >>>> server / virtual host config, forget the .htaccess (way to much trouble for > >>>> students). > >>>> > >>>> My students will program their sites in their home folder (~/public_html). > >>>> I want them to be able to both use mod_python.psp and mod_python.publisher, > >>>> as I'll show them to use the both methods to create web applications. So > >>>> far, I've easily been able to make both work in the same directory using the > >>>> following configuration (on Debian/Ubuntu httpd.conf is splitted in multiple > >>>> files, allowing to enable/disable modules easily) : > >>>> > >>>> userdir.conf > >>>> ---------------------- > >>>> <IfModule mod_userdir.c> > >>>> UserDir public_html > >>>> UserDir disabled root > >>>> > >>>> <Directory /home/*/public_html> > >>>> AllowOverride FileInfo AuthConfig Limit > >>>> Options MultiViews Indexes SymLinksIfOwnerMatch > >>>> IncludesNoExec > >>>> > >>>> AddHandler mod_python .py .psp .psp_ > >>>> PythonHandler mod_python.psp | .psp .psp_ > >>>> PythonHandler mod_python.publisher | .py > >>>> PythonDebug On > >>>> </Directory> > >>>> </IfModule> > >>>> > >>>> So you see I'm trying to assign .psp and .psp_ to mod_python.psp and .py to > >>>> publisher. So http://localhost/~user/test.py and > >>>> http://localhost/~user/test.psp both work. However, psp debugging with the > >>>> underscore trick (.psp_) don't work. I get a 403 forbidden error when I try > >>>> to access http://localhost/~user/test.psp_. > >>>> > >>>> Of course, test.psp exists. From what I read, test.psp_ don't need to > >>>> exist because the psp handler will understand that a debug request was done. > >>>> But it's not working. However, if I create a symbolic link to test.psp : > >>>> > >>>> ln -s test.psp test.psp_ > >>>> > >>>> the debug request works. I get to see the generated PSP-produced python > >>>> code and psp-html source. > >>>> > >>>> I must be missing something. Is there an Apache configuration that could > >>>> be enabled by default that would prevent me to access .psp_ files that don't > >>>> exist, before the mod_python.psp handler could do its magic ? > >>>> > >>>> Anyone please can help ? Thank you, > >>>> > >>>> > >> > >
|