LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-26-2003, 04:23 PM   #1
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Rep: Reputation: 15
Unhappy Can't access non-server-root directories in Apache


Hey, has anyone else had this problem? I just set up a server to run a web site from my computer, and rather than copy all my pictures to /var/www/http/, I symlinked the directory that has them in it. For example, ln -s /home/jenna/pics /var/www/http/pics/ . I can connect to my computer from other locations, but whenever click a link to the /pics directory, it says I'm not allowed to access it. I know that read permissions are set to allow everyone on that directory and everything in it. What's wrong?
 
Old 10-26-2003, 04:49 PM   #2
kasperhans
Member
 
Registered: Oct 2003
Location: right behind the moon
Distribution: gentoo
Posts: 466

Rep: Reputation: 30
you have to move them to your apache root dir or change the apache config file to allow the new dir
 
Old 10-26-2003, 05:01 PM   #3
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
What should I put in the config file? If all else fails, I'll just move the pictures over there, but it would be nice to just tell it to include the new directories.
 
Old 10-26-2003, 07:36 PM   #4
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
Take a look at the config files they have good info in them on how to set things up (mine are in /etc/httpd/conf), here's an excerpt that seems to say you can do what you're trying to do:

this is from commonhttpd.conf

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
# DO NOT MODIFY THIS ONE, USE httpd.conf and httpd-perl.conf
#DocumentRoot /var/www/html
 
Old 10-27-2003, 10:40 AM   #5
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Okay, I checked out my conf files, and later on in commonhttpd.conf, it mentions that really strict permissions are set by default:

# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
# Also, for security, we disable indexes globally
#
#<Directory />
# Options -Indexes FollowSymLinks
# AllowOverride None
#</Directory>

#Restricted set of options
<Directory />
Options -All -Multiviews
AllowOverride None
<IfModule mod_access.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>

This seems to be saying that it's denying access to all directories except the document root. So I added the following sections, saved, and restarted apache:

<Directory /home/jenna/pics/>
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>

<Directory /var/www/html/>
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>

But when I went back to the website, it still refused requests. Maybe I need to modify it in another document as well, but you would think that having it in just one of the config files would be enough (as the main one includes the others).
 
Old 10-27-2003, 03:46 PM   #6
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
Is the symlink named /home/jenna/pics? I thought it was /var/www/html/pics which would point to /home/jenna/pics, in that case you might try to put those permissions on <Directory pics>
 
Old 10-27-2003, 04:17 PM   #7
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Okay, I did what you suggested, now my commonhttpd.conf has this entry:

<Directory /var/www/html/pics>
Options FollowSymLinks -Indexes MultiViews SymLinksIfOwnerMatch
AllowOverride All
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

Saved, restarted Apache, and nothing happened. In addition, the error_log file has this to say:

[Mon Oct 27 17:11:02 2003] [error] [client 142.167.xx.yyy] Symbolic link not allowed: /var/www/html/pics, referer: http://142.167.xx.yyy/]
 
Old 10-27-2003, 07:39 PM   #8
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
I tried this out myself just now, it works ok for me, I did *not* have to modify my config at all since FollowSymLinks was already set for the docroot, I just created the symlink, and can type urls to the files and have them come up, maybe this is permissions, or perhaps the html you're using, test this by typing a url to your server spec'ing a known file from the symlinked dir, something like this: http://server/pics/known_picname.jpg, see if it comes up.
 
Old 10-27-2003, 08:46 PM   #9
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
I'm pretty sure it's not a permission conflict, since I set read and execute permissions on both the symlink and its corresponding directory before I started. And I just tried inserting an image from that directory into my web page -- to see if it will show up -- but it comes up blank.
 
Old 10-27-2003, 08:58 PM   #10
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
Well, this is odd, I've actually symlinked my entire document root directory via nfs to a different machine it works without any mods to the config. I wonder what's going on.

Obviously the owner of /home/jenna/pics is not going to be the same user who started the apache server, on this system it's the user "apache", maybe that's the problem, the apache user doesn't have permissions to your /home/jenna/pics dir, maybe you should change it's permissions to a+r and make sure it's contents have those permissions also.

If not, then I would look at the security that's being applied to your apache installation, it may be so tight as to not allow access anywhere outside of document root, (perhaps even chroot'ed?)
 
Old 10-28-2003, 02:11 PM   #11
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Yeah, I tried doing chmod a+r on the /pics directory and everything in it, and nothing happened. As for security, it seems like it shouldn't be that tight -- I didn't choose any weird options when I was setting it up. How would being chrooted affect the permissions? I have my doubts, but I'll try anything.
 
Old 10-28-2003, 05:34 PM   #12
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
chroot wouldn't affect permissions as such but would make directories outside the chroot'd root dir appear not to exist to the application running chroot'd, this is not a likely problem though unless you knowingly set up to have apache running chroot'd.

Can you go back through the apache error log and see what's it's saying when you click one of these links. On my system this is /var/log/httpd/error_log
 
Old 10-28-2003, 09:24 PM   #13
jenna_h
Member
 
Registered: Nov 2002
Distribution: Mandrake 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Okay, this is what it says...it's not really different from last time.

[Tue Oct 28 22:22:40 2003] [error] [client 142.167.xx.yyy] Symbolic link not allowed: /var/www/html/pics, referer: http://142.167.xx.yyy/

Last edited by jenna_h; 10-28-2003 at 09:28 PM.
 
Old 10-29-2003, 06:22 PM   #14
akaBeaVis
Guru
 
Registered: Apr 2003
Location: Maryland
Distribution: Slack 9.1,10 Mandrake 10,10.1, FedCore 2,3, Mepis 2004, Knoppix 3.6,3.7, SuSE 9.1, FreeBSD 5.2
Posts: 1,109

Rep: Reputation: 45
What is that SymLinksIfOwnerMatch option? I'm thinking maybe it's blocking, because otherwise everything looks to be right.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to give apache root access Roll Linux - Software 2 03-02-2005 07:55 AM
Creating user directories in Apache root robojerk Linux - Networking 1 09-21-2004 12:34 PM
Root access to html in apache RJDavison Linux - Newbie 1 05-12-2004 06:45 PM
FTP Users are able to Traverse directories up to the root of my server stingay Red Hat 6 10-25-2003 03:22 AM
Why root has no privilege to access some directories ymei Linux - General 4 10-08-2003 08:14 AM


All times are GMT -5. The time now is 06:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration