Category: Unix

Permission denied: /home/username/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Posted on by shiplu

I usually dump any html doc or any website in my public_html folder.  For example I have ExtJS dumped in public_html/extjs so I can see the docs in http://localhost/~shiplu/extjs/

For some days when I tried to access that url I was getting

[Thu Nov 07 21:50:39 2013] [crit] [client 127.0.0.1] (13)Permission denied: /home/shiplu/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Replace ‘shiplu’ with your username to mach an error for your own.  I have .htaccess file in public_html folder. I was wondering why apache was looking for it inside my home directory?

Then I discovered that I have 700 mode on my home directory (/home/shiplu). So apache maps the path /extjs to /home/shiplu/public_html/extjs and look for .htaccess file on every folder in the path way.  While looking for /home/.htaccess it found the file doesn’t exists. In the next step while reading /home/shiplu/.htaccess,  it couldn’t even determine files existence  due to lack of permission.

The easy solve was to give read access to my home directory.  But I want to give read access only to apache. Not to anything else.  So I add apache in my group and give my group users to read access it. Why my group? because home directory of a user is usually owned by the users own group and the user himself.

To find your group name run `id` in the console.


$ id
uid=1000(shiplu) gid=1000(shiplu) groups=1000(shiplu),4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),112(netdev),115(admin),116(sambashare),129(scanner),143(kvm),144(libvirtd)

Here gid indicates my group name which is shiplu.  Also to make sure you own your home directory  run ls /home -l


total 20
drwxr-xr-x  50 hacker  hacker   4096 Nov  7 20:20 hacker
drwxr-x--- 183 shiplu  shiplu  16384 Nov  7 21:55 shiplu

See the two ‘shiplu’? The second one is the group name that owns the /home/shiplu directory.

So give the owner group of /home/shiplu read+execute access.


# chmod  750 /home/shiplu

 

And assign apache user to the shiplu group.

usermod -a -G shiplu www-data

www-data is the username of apache user. Now restart apache. and it’ll be able to access.

Determine outgoing apache bandwidth usage with built in commands

Posted on by shiplu

To find the bandwidth usage of your Apache server, you can use many existing tools. Like vnstat, awstat.  The most common thing about these tools is they need the utility installed. What if you dont have this installed and you want to calculate your bandwidth? This is can be easily done by parsing Apache access logs. This technique will only work if you are a web master and you have no other bandwidth eating service other than apache. Most web developers will fall in this category. So here is the technique to find apache bandwidth usage.

Note: You need ssh access to perform these actions. Also I assume you have not deleted your log files.

  1. Determine the date range for which you want to find the bandwidth usage for. For example I want to deter mine bandwidth usage from Oct 1st 2012 to Oct 30 2012. Note you must have access log files for that range.
  2. Now the big command. Assuming your apache log directory is /var/log/apache2 
    1. find /var/log/apache2 -type f \
    -name '*.gz' \
    -newermt "2012-10-01 00:00:00" \
    -not \
    -newermt "2012-10-30 23:59:59" \ 
    -exec zcat '{}' \; | 
egrep '"[^"]+" +200 [0-9]+' -o | 
awk '{sum+=$(NF)} END {print sum/1024/1024/1024 " GB"}'
  3. This will print something like “34.345 GB

7 steps to stop ssh from asking password

Posted on by shiplu

If you have to do a lot of ssh, scp for a remote server you might find it annoying that it asks  for password. It asks for password in a separate tty so you can not even automate it. If typing password bothers you too much you can change it so it wont ask you again. We are not turning of any authentication or disabling anything. We’ll just use a key file thats it.

Say your server name is server. And you are in a linux box.  Follow these steps.

  1. In the terminal run 
    ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/shiplu/.ssh/id_rsa):
  2. In the ‘Enter file in which to save the key’ prompt type a file name where you want to store the key. Dont just press enter which will overwrite the current key file. Suppose you enter my-key.
  3. It’ll ask for a passphrase twice. Dont put anything. Just press enter twice to make it password less.
  4. You’ll see two files my-key and my-key.pub is created. Now copy the my-key.pub to your server by scp/rcp/rsync. This will be the last time you are copying something with password!
  5. Login to the server. Remember the login username. On the serverrun this command. 
    cat /path/to/my-key.pub >> ~/.ssh/authorized_keys

    This command will add the public key in .ssh/authorized_keys in login users home directory (~).

  6. Now from the workstationyou can login without password by 
    ssh -i /path/to/my-key -l LOGIN_USERNAME server
  7. For later convenience, put this in your ~/.bashrcfile 
    alias server_ssh='ssh -i /path/to/my-key -l LOGIN_USERNAME'
alias server_scp='scp -i /path/to/my-key -l LOGIN_USERNAME'

Now you can login easily by

server_ssh server