Here’s one for my web development knowledge base. Most likely no one except for myself will care about this entry but it’ll be valuable for me to look back on when I need to do this again. For everyone else, I’ll try to include enough information so it’ll make some kind of sense.

I’m currently setting up a Red Hat Linux box at work that will serve as our main development server. Something I would like to be able to do with this new server is give each developer their own web space. This way each developer can checkout of copy of our code base from CVS into their own web space and work with it there. When they’re finished with a certain task they check their code back into the CVS repository. Periodically, I will update the code in our testing area and see if everything looks good. If it does, then I’ll sync the code to our production server. Of course, right now there is only one developer (me) but we do occasionally contract with a developer in Australia so having personal working areas is definitely beneficial.

I figured the easiest way to give users their own web spaces is to use Apache’s UserDir directive. The way it works is this. Each user on the server has a ‘home’ directory where they store all of their files. If you create a directory within your home directory called ‘public_html’ then anything within that directory will be available on the web. You generally use a URL like ‘www.server.com/~user’ to view the pages in someone’s public_html directory.

That sounds simple enough. The problem is that Apache (the web server) can be very picky about the permissions on the public_html directory and the user and group that the Apache process runs as. This is not really a bad thing as security is very important. I would just have to set the permissions on public_html right. However, I kept getting “Forbidden” messages when trying to access anything in my public_html directory. I tried all different combinations of permissions and users and found that even if the public_html had full read and write permissions the only way I could view web pages in my public_html directory was to run Apache as my own userid. Not a solution at all. Even if I changed the owership of the public_html directory to another user and ran Apache as that user I would still be “Forbidden”. Which got me thinking. Maybe it has something to do with the permissions on my home directory itself. I assumed the permissions on the public_html directory would be only thing that really mattered but maybe there was more to it.

So I checked out the permissions on my home directory. It turns out default permissions on home directories in Red Hat 8.0 are pretty darn tight. Only the owner can view files. Nobody else can do anything at all. So, after a couple of changes to the it worked. Apparently, Apache looks at the permissions on the home directory before doing anything with the public_html directory. I wish it had been documented a little better but at least now I know.