128226 – running yast2-http-server disables mod_userdir in apache2

Bug 128226 - running yast2-http-server disables mod_userdir in apache2

Summary: running yast2-http-server disables mod_userdir in apache2

Status:	RESOLVED FIXED
Duplicates (1):	176758 (view as bug list)

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	YaST2 (show other bugs)
Version:	Final
Hardware:	i586 Other

Priority:	P5 - None Severity: Major
Target Milestone:	---
Assignee:	Michal Zugec
QA Contact:	Klaus Kämpf

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-10-13 20:21 UTC by Martin Vidner
Modified:	2007-02-13 08:30 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
diff -urN /etc/apache2 /etc/apache2.new (3.12 KB, text/plain) 2005-10-13 20:23 UTC, Martin Vidner	Details
y2logs.tgz (1.50 MB, application/x-gzip) 2005-10-13 20:25 UTC, Martin Vidner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Vidner 2005-10-13 20:21:46 UTC

mod_userdir is enabled by default in apache2, allowing access to /~user/... 
I ran yast2 http-server and just clicked next in the five step wizard. 
Afterwards, /~user returned 403 Forbidden. 
I found out that in the file /etc/apache2/default-server.conf the directive 
<IfModule mod_userdir.c>... (which includes /etc/apache2/mod_userdir.conf) 
disappeared.

Comment 1 Martin Vidner 2005-10-13 20:23:21 UTC

Created attachment 53980 [details]
diff -urN /etc/apache2 /etc/apache2.new

Comment 2 Martin Vidner 2005-10-13 20:25:14 UTC

Created attachment 53981 [details]
y2logs.tgz

Comment 3 Michal Zugec 2005-10-14 12:49:55 UTC

When you start wizard, it creates default working configuration. 
Do you want to add this module to defaul enable modules?

Comment 4 Bill Wayson 2005-11-09 23:07:27 UTC

I've seen this problem on the two apache 2 web servers installed with SuSE Linux 10.0.  My reply to Michal Zugec is:

o If enabling mod_userdir by default creates a "significant" security risk, then place the directive in default-server.conf, comment the purpose they serve, but comment them out;
o If there is no security issue, then include them in default-server.conf and leave them active;
o Or cause an "Include..." line to be autogenerated in httpd.conf based on mod_userdir being enabled in Yast;
o Or, at the very least, document in the System Adminstration manual what needs to be done to enable mod_userdir.

Thanks for your time with this.

Comment 5 Michal Zugec 2005-11-30 15:20:20 UTC

This needs some changes in config files.
(Remove some directives from default-server.conf to httpd.conf)
I will work on it with apache2 maintainer

Comment 6 Michal Zugec 2006-01-23 08:24:46 UTC

fixed

Comment 7 Michal Zugec 2006-01-23 08:43:11 UTC

change to fixed

Comment 8 Jean-Daniel Dodin 2006-04-11 16:42:14 UTC

how was this bug fixed? I just made a 10.0 install, update and the big is still there
jdd

Comment 9 Michal Zugec 2006-04-11 16:45:09 UTC

was fixed for 10.1

Comment 10 Peter Poeml 2007-02-13 08:30:49 UTC

*** Bug 176758 has been marked as a duplicate of this bug. ***