cannot access web site unless running as root

Post by TheKojukinator »

Hi All,

I don't know why this simple thing is giving me so much trouble, but basically I've got a ZFS volume, and I'm trying to use a folder in it as wwwroot and host it via the Webserver service. However, whenever I access the website I always get error 403, unless Webserver service is running as root.

So here are the settings I've used:

Protocol: HTTP
Port: 81
Run as: www
Document root: /mnt/vault/vault.share/_wwwroot
 - /mnt/vault/ is the zfs pool, and /vault.share/ is the zfs dataset which is shared out via SMB, and /_wwwroot/ is the folder I made for the website
Upload directory: /var/tmp/ftmp
Authentication: off
Directory listing: on
Auxiliary parameters: empty

Now if I perform the following on the directory I created:

# chown -R www:www /mnt/vault/vault.share/_wwwroot
# chmod -R 777 /mnt/vault/vault.share/_wwwroot

And then restart the Webserver, this is the directory listing I'll get:

#ls -l
drwxrwxrwx  2 www        www        3 Dec 21 16:17 _wwwroot
#ls -l _wwwroot/
-rw-------  1 www  www  48 Dec 21 16:26 .websrv_htpasswd

If I then go to I get 403
If I go back to my Webserver service settings and set it to run as root, it will begin serving pages.

Another interesting thing is if I'm running with Authentication turned on in Webserver settings, and Run as www, then I get prompted to authenticate to my website. Of course, nothing gets accepted, and when I cancel out and go to my logs, this is what I get:

Dec 21 16:31:09	exanasv2	lighttpd[32133]: (http_auth.c.777) get_password failed, IP:
Dec 21 16:31:09	exanasv2	lighttpd[32133]: (http_auth.c.159) opening plain-userfile /mnt/vault/vault.share/_wwwroot/.websrv_htpasswd failed: Permission denied

Even though obviously www has access to that .websrv_htpasswd! Now, if I switch to Webserver running as root, the authentication works! I can log in with my only existing user.

Of course I am looking at that scary text that says:

Set what user the service will run as (www by default). 
NOTE: Running as root is not recommended for security reasons, use it on your own risk!

So I'm not sure if the solution is to just say screw it and run as root, but if that isn't the right way then I wanna do that.

~_~ This is driving me nuts, I'm not a unix guru, but cmon... can't even get something to work that supposedly is just a checkbox away... help me guys lol.

I don't need authentication to work. I just want easy free-for-all access to a flat-file website that lives in a folder in my vault. Please help :)

Oh I dunno if this is helpful for diagnostics, but here's a dump of the /var/etc/websrv.conf:

server.port = 81
server.username = "www"
server.groupname = "www"
server.document-root = "/mnt/vault/vault.share/_wwwroot"
server.dir-listing = "enable"
dir-listing.activate = "enable"
dir-listing.hide-dotfiles = "enable"
dir-listing.encoding = "utf-8"
server.modules = (
server.errorlog-use-syslog = "enable"
# debugmode debug.log-request-handling enable/disable
debug.log-request-handling = "disable"
#server.event-handler = "freebsd-kqueue"
server.event-handler = "libev"
server.max-write-idle = 360
index-file.names   = ( "index.php", "index.html", "index.htm", "index.shtml", "default.htm" )
# set trust path
setenv.add-environment = ( "PATH" => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" )
#$HTTP["url"] =~ "\.(js|css|png|gif|jpg)$" {
#    expire.url = ( "" => "access plus 1 hours" )
# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "application/ogg",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jar"          =>      "application/x-java-archive",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".svg"          =>      "image/svg+xml",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".cpp"          =>      "text/plain",
  ".log"          =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".spec"         =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mp4"          =>      "video/mp4",
  ".mpg4"         =>      "video/mp4",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
  ".rpm"          =>      "application/x-rpm",
  # make the default mime type application/octet-stream.
  ""              =>      "application/octet-stream",
url.access-deny = ( "~", ".inc", ".websrv_htpasswd" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "/var/run/websrv.pid"
cgi.assign = (".php" => "/usr/local/bin/php-cgi-websrv")
server.tag = "webserv"
server.upload-dirs = ( "/var/tmp/ftmp" )
server.max-request-size = 16777216
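
The listing in the post shows the mode of `_wwwroot` only, not of its parents `/mnt/vault` and `/mnt/vault/vault.share`. A non-root lighttpd needs search (`x`) permission on every directory leading to the document root, so that is a check worth making before falling back to root. The script below is an added example, not part of the original post or of XigmaNAS; its function names and the script name are hypothetical, and it assumes an absolute path and plain mode bits (no ACLs).

```sh
#!/bin/sh
# Added example (not from the original post): report every directory on the way
# to a document root that the given uid/gids cannot search (no "x" bit).
# Limits: classic mode bits only; NFSv4/ZFS ACLs and root's bypass are ignored.
# Run it as a user who can stat the whole path; PATH arguments must be absolute.

# can_search UID "GID GID ..." DIR -> exit 0 if the mode bits grant search.
can_search() {
    read -r cs_mode cs_links cs_owner cs_group cs_rest <<EOF
$(ls -ldnL "$3" 2>/dev/null)
EOF
    cs_pos=10                                             # "other" execute column
    for cs_g in $2; do
        if [ "$cs_g" = "$cs_group" ]; then cs_pos=7; fi   # group execute column
    done
    if [ "$1" = "$cs_owner" ]; then cs_pos=4; fi          # owner execute column
    case $(printf '%s' "$cs_mode" | cut -c"$cs_pos") in
        x|s|t) return 0 ;;                      # s/t = setid/sticky with x set
        *)     return 1 ;;
    esac
}

# blocking_dirs UID "GIDS" PATH -> prints one blocking directory per line.
blocking_dirs() (
    uid=$1 gids=$2 rest=${3#/} cur=/
    can_search "$uid" "$gids" / || echo /
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$comp" ] || continue
        cur=${cur%/}/$comp
        [ -d "$cur" ] || continue               # skip a trailing file name
        can_search "$uid" "$gids" "$cur" || echo "$cur"
    done
)

# Resolve a login name such as www to its uid and group ids.
blocking_dirs_for_user() {
    blocking_dirs "$(id -u "$1")" "$(id -G "$1")" "$2"
}

# Script use (hypothetical file name):
#   sh check_docroot.sh www /mnt/vault/vault.share/_wwwroot
if [ "$#" -eq 2 ]; then blocking_dirs_for_user "$1" "$2"; fi
```

Any directory it prints needs only the search bit for the service account (for example `chmod o+x` on that one directory); the document root itself does not need mode 777 to be served.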
