Lighttpd static file server 403 forbidden error
Solution 1
You can't access your www
folder because www-data
user only has 4 right (user:group jurre:www-data
and rights 740) which means no execution right on www
folder, only read (read folder name and attributes).
You need execution right on folder, because executing a folder means opening it (to list files or to enter it). You can do this with your own user jurre
(right 7) but www-data
does not have the execution bit set.
Change your right on this folder for 750 and try again.
Solution 2
Another frequent issue is an active SELinux on the machine.
Even with correct permissions on the directory tree, you will still get a 403 if the directory wasn't registered in SELinux.
chcon -R -h -t httpd_sys_content_t /absolute/path
will fix this.
Related videos on Youtube
Admin
Updated on September 18, 2022Comments
-
Admin over 1 year
I installed lighttpd on Debian Jessie for serving static files, I have a USB drive mounted at /media/storage, with /media/storage/www as my document root and my lighttpd.conf looks like this:
server.modules = ( "mod_access", "mod_alias", "mod_compress", "mod_redirect", # "mod_rewrite", ) server.document-root = "/media/storage/www/" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) compress.cache-dir = "/var/cache/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
I want to be able to edit the website with my normal user "jurre". So I did "sudo chown jurre:www-data /media/storage/www" and "sudo chmod 740 /media/storage/www" (so I can read, write and execute files, but the web server can only read). Of course I logged out and back in again and then restarted lighttpd after this. I added a simple index.html with "Hello World!" to test the setup, but I keep getting a 403 forbidden error when surfing to
ls -l in /media/storage/www :
total 8 -rw-r--r-- 1 jurre www-data 58 May 16 16:43 index.html
I have also checked the lighttpd error log, but it only shows when the web server was shutdown and started again, no errors whatsoever in the log.
-
philippe about 9 years
chown -R www-data:www-data
is bad practice as it gives the whole control to the userwww-data
which does not need write privileges. furthermoresudo chown -R www-data:www-data /media/storage/www/*
would not have solved the issue, as only files and folders after/media/storage/www
would have been affected, and not/media/storage/www
itself. 775 rights is again bad practice as other world does not need any read/exec access, andwww-data
does not need to erase/movewww
folder. 710 Would have been sufficient.