ZoneMinder Forums

Posted: **Sun Jan 03, 2016 6:35 pm**

Hi, I'm new to IP camera's, Zoneminder and linux, so bare with me. At AliExpress I bought an ONVIF type camera (http://www.aliexpress.com/item/Security ... 72225.html).

I've got it working with the supplied CMS software under Windows. Since I'm experimenting with linux on RPI's I also would like to try to get this going on linux. I installed Ubuntu 15.10 to be able to install Zoneminder 1.29 which I read has made a start with suppor for ONVIF cameras. I followed the instructions here (http://zoneminder.readthedocs.org/en/st ... rom-source) to build ZM 1.29 from source. Which went smooth. Didn't notice any error messages.

However, trying to access ZM ends with the auth error listed in the subject line. I can access the apache default page (without /zm) just fine. /etc/apache2/conf-available/zoneminder.conf looks exactly like the one listed in the install instructions:

Code: Select all

# Remember to enable cgi mod (i.e. "a2enmod cgi").
ScriptAlias /zm/cgi-bin "/usr/local/libexec/zoneminder/cgi-bin"
<Directory "/usr/local/libexec/zoneminder/cgi-bin">
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AllowOverride All
    Require all granted
</Directory>

Alias /zm /usr/local/share/zoneminder/www
<Directory /usr/local/share/zoneminder/www>
  php_flag register_globals off
  Options Indexes FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
</Directory>

<Directory /usr/local/share/zoneminder/www/api>
    AllowOverride All
</Directory>

Looking at /usr/local/share/zoneminder/www from what I can find out about auth this should be ok (?)

skywalker@uServer-Watchdog:/usr/local/share/zoneminder$ stat www/
File: ‘www/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 161442 Links: 12
Access: (0755/drwxr-xr-x) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2016-01-02 23:07:08.649415428 +0100
Modify: 2016-01-02 22:20:13.604171401 +0100
Change: 2016-01-02 22:57:36.223460950 +0100

Like I said, I'm a linux novice and not sure what else I could check. BTW, on Ubuntu 14.x I had an older version of Zoneminder working just fine. Well, the web part worked. The camaera didn't yet. That's why I am trying 1.29.

Hopefully it's something simple someone can help me with.

Thanks in advance.

Btw2. I'm running Ubuntu/Zoneminder under VirtualBox and use port forwarding to go to ZM. For the older version I used the same setup which worked fine.

Posted: **Mon Jan 04, 2016 1:36 pm**

That error message is not coming from ZoneMinder. It is coming from Apache.
You need to look in your Apache logs and see what it is saying.

Posted: **Mon Jan 04, 2016 1:43 pm**

Try this:

Set permissions of /etc/zm/zm.conf to root:www-data 740

chmod 740 /etc/zm/zm.conf

chown root:www-data /etc/zm/zm.conf

Not everything in those instructions is current or accurate...

Posted: **Mon Jan 04, 2016 8:08 pm**

Hi bbunge, did as you wrote but still get the same error message. There is no /zm directory though. zm.conf lives in /etc as you can see below.

skywalker@uServer-Watchdog:/etc$ stat zm.conf
File: ‘zm.conf’
Size: 1344 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 283297 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-01-04 20:46:57.604000000 +0100
Modify: 2016-01-02 22:18:10.000000000 +0100
Change: 2016-01-02 22:19:46.067873565 +0100
Birth: -
skywalker@uServer-Watchdog:/etc$ sudo chmod 740 zm.conf
[sudo] password for skywalker:
skywalker@uServer-Watchdog:/etc$ stat zm.conf
File: ‘zm.conf’
Size: 1344 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 283297 Links: 1
Access: (0740/-rwxr-----) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-01-04 20:46:57.604000000 +0100
Modify: 2016-01-02 22:18:10.000000000 +0100
Change: 2016-01-04 20:56:31.320229115 +0100
Birth: -
skywalker@uServer-Watchdog:/etc$ sudo chown root:www-data zm.conf
skywalker@uServer-Watchdog:/etc$ stat zm.conf
File: ‘zm.conf’
Size: 1344 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 283297 Links: 1
Access: (0740/-rwxr-----) Uid: ( 0/ root) Gid: ( 33/www-data)
Access: 2016-01-04 20:46:57.604000000 +0100
Modify: 2016-01-02 22:18:10.000000000 +0100
Change: 2016-01-04 20:57:18.376409610 +0100
Birth: -

Forbidden

You don't have permission to access /zm/ on this server.
Apache/2.4.12 (Ubuntu) Server at 192.168.1.250 Port 30080

Posted: **Mon Jan 04, 2016 8:28 pm**

Also checked the Apache logs as knnniggett mentioned and I should have done first of course. It shows the following:

[Mon Jan 04 21:17:14.345338 2016] [authz_core:error] [pid 1214] [client 10.0.2.2:51729] AH01630: client denied by server configuration: /usr/local/share/zoneminder/www/

But the auth bits of this directory are shown in the initial post above. Repeated below. Is this correct?

skywalker@uServer-Watchdog:/usr/local/share/zoneminder$ stat www/
File: ‘www/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 161442 Links: 12
Access: (0755/drwxr-xr-x) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2016-01-02 23:07:08.649415428 +0100
Modify: 2016-01-02 22:20:13.604171401 +0100
Change: 2016-01-02 22:57:36.223460950 +0100

Posted: **Mon Jan 04, 2016 8:39 pm**

That error message means there is an Apache permission problem, not a filesystem permission problem.
You are missing the "Require all Granted" statement inside the /usr/local/share/zoneminder <directory> block

Posted: **Mon Jan 04, 2016 10:02 pm**

Just go ahead and do step 14 and it will work. Looks like I re-ordered by mistake. So do Step 14, then make sure you complete Steps 11-13

(I just rebuilt the code from source following the instructions verbatim - with the fix I mentioned above)

I'll submit a fix.

Posted: **Tue Jan 05, 2016 1:36 am**

Here is the top level Directory block from the main apache2.conf file that ships with Ubuntu:

Code: Select all

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

What this means is that, the default permission is to deny access, rather than allow. To override that, you have to add a "Require all Granted" statement to each custom Directory block you create.

Posted: **Tue Jan 05, 2016 8:53 pm**

After step14 the permission problem is solved. Got a message about the time zone though. I guess step 12 and 13 should be reversed too. After that all's well.

Thanks a bunch!

Posted: **Tue Oct 03, 2017 11:02 am**

Have the same problem but can't find step 14 to fix it. What to do to solve the Problem?
viewtopic.php?f=36&t=26580

ZoneMinder Forums

Forbidden - You don't have permission to access /zm/ on this server.

Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.

Re: Forbidden - You don't have permission to access /zm/ on this server.