Fresh install of Saucy. Apache2 configs from Raring are epic failure

Kevin O'Gorman kogorman at
Thu Dec 26 05:51:09 UTC 2013

On Wed, Dec 25, 2013 at 8:26 PM, Kevin O'Gorman <kogorman at> wrote:

> On Wed, Dec 25, 2013 at 7:57 PM, Tom H <tomh0665 at> wrote:
>> On Thu, Dec 26, 2013 at 2:28 AM, Kevin O'Gorman <kogorman at> wrote:
>>> Due to a GUI meltdown, I found it expedient to do a fresh install so I
>>> chose Xubuntu Saucy.
>>> All but one thing went well.  My web server is really down.
>>> Now mind, the basics work.  I can access things in /var/www it seems,
>>> but I usually keep only one file there.  I configure aliases to get to
>>> everything else.
>>> None of these are working.  Home directory pages are not working.  My
>>> specialized code is not working.
>>> And by not working I mean a pretty uniform 403 with an occasional 404.
>>>  The error log points the finger at my configuration, saying "client
>>> denied by server configuration"
>>> For example, I have a directory devoted to a dear departed canine
>>> companion named Ogden Gnash.  His stuff is stored in /www/Dogs/Oggie.
>>> I have an alias thus:
>>> Alias /Oggie /www/Dogs/Oggie
>>> <Directory /www/Dogs/Oggie>
>>>     Order allow,deny
>>>     Allow from all
>>> </Directory>
>>> And when I try to go to the browser tells me
>>> "You don't have permission to access /Oggie on this server." while the
>>> error log contains "
>>> [Wed Dec 25 18:22:22.504423 2013] [authz_core:error] [pid 6022:tid
>>> 140127561000704] [client] AH01630: client denied
>>> by server configuration: /www/Dogs/Oggie
>>> What could be clearer?  It sees the Alias, but does not give access,
>>> and it's not file permission (which I've checked anyway) but it's the
>>> server configuration.
>> From the README:
>> apache2 (2.4.1-1) unstable; urgency=low
>>   This package introduces a new major release of the Apache HTTP server. It is
>>   likely the site configuration needs changes to work with this release.
>>   Notable changes which need special care are:
>>   The module interface (ABI) has changed. If you have any locally compiled
>>   modules, you have to re-compile them for apache2 2.4.
>>   The authorization and authentication system has changed. Existing
>>   configurations using deprecated Order/Allow/Deny directives should be
>>   upgraded to the new system. Please review upstream's "Authentication,
>>   Authorization and Access Control Howto" [1]. However, "mod_access_compat" is
>>   loaded by default to provide backward compatibility.
>>   Furthermore, MPMs are simple modules now. Thus, the MPM can be changed
>>   at any time by (un-)loading a specific module. Be careful when upgrading. An
>>   example of changing the MPM is given below:
>>   a2dismod mpm_worker
>>   a2enmod mpm_prefork
>>   We did change the security model for Apache in our default configuration. We
>>   do not allow access to the file system outside /var/www and /usr/share.
>>   If you are running virtual hosts or scripts outside these directories, you
>>   need to whitelist them in your configuration to grant access through HTTP.
>>   Special care must be taken if you are using a sub-directory in /srv to serve
>>   your content as recommended by the File Hierarchy Standard (FHS). You must
>>   allow access to your served directory explicity in the corresponding virtual
>>   host, or by allowing access in apache2.conf as proposed.
>>   Moreover, the configuration mechanism in Debian has changed. All
>>   configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
>>   The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
>>   not supported any more) and works just like {sites,mods}-{available,enabled}
>>   via the "a2enconf" tool. The upgrade tries to migrate known configuration
>>   files from /etc/apache2/conf.d/ to /etc/apache2/conf-available/ - please
>>   review these changes.
>>   Note this means all existing sites are ignored until they get a ".conf"
>>   suffix and are re-enabled by the use of a2ensite. The script in [3] can
>>   automate that for simple cases. This change also includes Debian default
>>   sites, so the default site has been renamed to 000-default to avoid naming
>>   confusions. The rename of the config files to *.conf makes the special
>>   handling inside apache2 to ignore *.dpkg-* backup files obsolete. This
>>   special handling has been removed.
>>   Users of mod_authn_dbm should switch to htdbm to manage their DBM user
>>   databases. The pure-perl management utility "dbmmanage" was removed as it was
>>   outdated and orphaned upstream.
>>   Packagers are advised to review whether their packages comply with this
>>   new version. Please see [2] for detailed documentation and instructions.
>>   [1]
>>   [2] </usr/share/doc/apache2/PACKAGING>
>>   [3] </usr/share/doc/apache2/>
>>  -- Arno Töll <arno at>  Fri, 23 July 2012 23:50:13 +0200
>> --
>> ubuntu-users mailing list
>> ubuntu-users at
>> Modify settings or unsubscribe at:
> Thanks for this.  There was enough that happened during installation
> that warned me of these changes.  As near as I can tell, all necessary
> changes have been made.  All the config files are in conf-available,
> and links are managed using the apache tools.
> The example with Oggie shows that my configuration is being read.  The
> permissions look right.  It just doesn't work.
> --
> Kevin O'Gorman
> programmer, n. an organism that transmutes caffeine into software.
> Please consider the environment before printing this email.

*ahem* I take it back.  And, really, thanks again.

Deciding to distrust the [1] document's promise of compatibility, I
copied some permissions stanzas from the new userdirs.conf file, and
lo and behold a bunch of directories are now visible.  In fact,
everything except my CGI stuff and user authentication is working.

I presume I'll have to actually learn the new stuff.  It will be like
starting over since this was all set up over 10 years ago, but I can
do that.


Kevin O'Gorman

programmer, n. an organism that transmutes caffeine into software.
Please consider the environment before printing this email.

More information about the ubuntu-users mailing list