Apache2 serving directories beneath a symlink
On one of my machines, /opt is a symlink (for reasons best not gone into, because they make my head hurt): /opt -> /otherdir/opt I need apache2 to serve a directory in the /opt tree (/opt/webapp/htdocs). For ridiculous (but unavoidable) reasons, I cannot refer to the DocumentRoot by its real path (/otherdir/opt/webapp/htdocs), but must refer to it by its linked path. I've got apache set up with the right confs, and "Options FollowSymLinks" specified _EVERYWHERE_. And yet, when I browse to the site I get a 403. And, in the logs, I get this: [Mon Oct 09 11:36:56 2006] [error] [client 192.168.1.65] Symbolic link not allowed or link target not accessible: /opt /opt, being a symlink, is 777. The directory to which it points is owned by root:root, but is permissioned 755 -- which is to say, apache has the rx permissions that it should need. Anyone have any tips on what might be going on? Am I violating some kind of fundamental apache security thing here? Or is there a way to do what I need to do. TIA - Ian
A symbolic link always has permissions of 777, but the permissions of the directory to which the symbolic link points to are the permissions used. In your case the permissions of 755 root:root. I will assume that the /opt was moved to a partition which had more space and they just made a symbolic link pointing to the new location. As for the permissions of 755 this does not give apache rw access, well it does only if you have apache running as root (silly thing to do). But you really do not care if apache has rw to /opt, it just needs read access. Apache does need rw access to /otherdir/opt/webapp/htdocs. Mike Marlier, Ian wrote:
On one of my machines, /opt is a symlink (for reasons best not gone into, because they make my head hurt): /opt -> /otherdir/opt
I need apache2 to serve a directory in the /opt tree (/opt/webapp/htdocs). For ridiculous (but unavoidable) reasons, I cannot refer to the DocumentRoot by its real path (/otherdir/opt/webapp/htdocs), but must refer to it by its linked path.
I've got apache set up with the right confs, and "Options FollowSymLinks" specified _EVERYWHERE_.
And yet, when I browse to the site I get a 403. And, in the logs, I get this: [Mon Oct 09 11:36:56 2006] [error] [client 192.168.1.65] Symbolic link not allowed or link target not accessible: /opt
/opt, being a symlink, is 777. The directory to which it points is owned by root:root, but is permissioned 755 -- which is to say, apache has the rx permissions that it should need.
Anyone have any tips on what might be going on? Am I violating some kind of fundamental apache security thing here? Or is there a way to do what I need to do.
TIA
- Ian
Marlier, Ian wrote:
I need apache2 to serve a directory in the /opt tree (/opt/webapp/htdocs). For ridiculous (but unavoidable) reasons, I cannot refer to the DocumentRoot by its real path (/otherdir/opt/webapp/htdocs), but must refer to it by its linked path.
I've got apache set up with the right confs, and "Options FollowSymLinks" specified _EVERYWHERE_.
You need to make sure that _EVERYWHERE_ includes the section for Directory "/".
And yet, when I browse to the site I get a 403. And, in the logs, I get this: [Mon Oct 09 11:36:56 2006] [error] [client 192.168.1.65] Symbolic link not allowed or link target not accessible: /opt
/opt, being a symlink, is 777. The directory to which it points is owned by root:root, but is permissioned 755 -- which is to say, apache has the rx permissions that it should need.
And what is the permission of /otherdir? It must have at least x for other, maybe even rx (I don't know if Apache calls getcwd() there). If /otherdir is not a single directory, but somewhere deeper in the file tree, this permission must be given for all directories in this path. If that's the case, you need to use the real path for testing; to check the access rights problem first and the symlink problem later. I.e., first test that you can access the document root with the real path, then exchange it to /opt to test that the symlink access works (or not). If that's not possible, you need to spell out the "ridiculous reasons" why you cannot use /otherdir/opt/webapp/htdocs in your Apache config, not even for testing. HTH, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
participants (3)
-
Joachim Schrod -
Marlier, Ian -
Mike Noble