LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-22-2014, 05:18 AM   #1
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Rep: Reputation: 30
apache issue, symbolic links, pages denied


I'm having a head scratching moment, in my httpd.conf file I have the following standard config:
Code:
DocumentRoot "/srv/httpd/htdocs"
<Directory "/srv/httpd/htdocs">
SymLinksifOwnerMatch ExecCGI MultiViews
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
		
Require all granted
</Directory>
(note removed comments)

So my document root is /srv/httpd/htdocs but since I have been using /var/www/htdocs for like years on other server, I want the same, so done symbolic links which are like so:

Code:
root@orion:/srv# dir -al
total 1
drwxr-xr-x  2 root root  96 Dec 15 17:37 .
drwxr-xr-x 23 root root 536 Mar 22 08:51 ..
lrwxrwxrwx  1 root root   8 Dec 15 17:37 httpd -> /var/www
lrwxrwxrwx  1 root root   8 Dec 15 17:37 www -> /var/www
All ok???
(my /var/www contains htdocs btw)

but when trying to access a file within this root I am denied and my apache error log shows:
Code:
[Sat Mar 22 09:08:26.687884 2014] [authz_core:error] [pid 14751:tid 140449432102656] [client 212.159.180.202:54076] AH01630: client denied by server configuration: /var/www/htdocs/

If however I change the document root line in httpd.conf to read /var/www/htdocs instead of /srv/httpd/htdocs but I DONT want to do this, surly the symbolic links should work, even mentions so in the apache comments.


Additionally, if I change the first/global config of the httpd.conf file from
Code:
<Directory />
    AllowOverride none
    Require all denied
</Directory>
TO
Code:
<Directory />
    AllowOverride none
    Require all granted
</Directory>
it works, so guessing its something to dow ith the symbolic links?
 
Old 03-22-2014, 07:45 AM   #2
yo8rxp
Member
 
Registered: Jul 2009
Location: Romania
Distribution: Ubuntu 10.04 Gnome 2
Posts: 68

Rep: Reputation: 13
if temporary change /var/www permission recursively to 777 , what happens then ?

Last edited by yo8rxp; 03-22-2014 at 08:06 AM.
 
Old 03-22-2014, 11:06 AM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,952

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Quote:
SymLinksifOwnerMatch ExecCGI MultiViews
Options Indexes FollowSymLinks Mul0tiViews
The above is wrong. I guess you're using:
Code:
Options Indexes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Remove "SymLinksifOwnerMatch" because you'll get a 403 if the link owner is not the same as for the target
Also since you're a using a directory outside DocumentRoot add:
Code:
<Directory "/var/www/htdocs">
 Require all granted
</Directory>
Regards
 
Old 03-22-2014, 11:25 AM   #4
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by yo8rxp View Post
if temporary change /var/www permission recursively to 777 , what happens then ?
same problem, no difference...

@bathory I already have
Code:
DocumentRoot "/srv/httpd/htdocs"
<Directory "/srv/httpd/htdocs">
SymLinksifOwnerMatch ExecCGI MultiViews
Options Indexes FollowSymLinks
AllowOverride AuthConfig
		
Require all granted
</Directory>
and have symbolic links to /var/www/htdocs which is where my problem is
 
Old 03-22-2014, 11:57 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,952

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Maybe I didn't make myself clear.
You should remove "SymLinksifOwnerMatch" from the DocumentRoot Directory definition and also grant access to /var/www/html:
DocumentRoot "/srv/httpd/htdocs"
Code:
<Directory "/srv/httpd/htdocs">
Options Indexes FollowSymLinks ExecCGI MultiViews
AllowOverride AuthConfig
Require all granted
</Directory>

<Directory "/var/www/htdocs">
 Require all granted
</Directory>
 
Old 03-22-2014, 12:32 PM   #6
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Original Poster
Rep: Reputation: 30
@bathory Sorry, my mistake!! (cut and paste errors)

My actual httpd.conf file looks like:
Code:
DocumentRoot "/srv/httpd/htdocs"
<Directory "/srv/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
I know adding:
Code:
<Directory "/var/www/htdocs">
 Require all granted
</Directory>
works but thought that having symbolic links as earlier in the thread would have been all that was required? since /srv/httpd/htdocs points/links to /var/www/htdocs

from the httpd.conf file iteslf:
Code:
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
I hope I'm making sense
 
Old 03-22-2014, 01:26 PM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,952

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Quote:
My actual httpd.conf file looks like:
Code:

DocumentRoot "/srv/httpd/htdocs"
<Directory "/srv/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Then it should work.
Are you sure you don't have another "Options ..." directive (maybe in a .htaccess file) that overrides the above
 
Old 03-22-2014, 01:55 PM   #8
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Original Poster
Rep: Reputation: 30
all clean


this one's got me stumped, obviously as a temp "work around", I'll add a config to /var/www/htdocs but really thought the symbolic links would be enough.
 
Old 03-22-2014, 02:10 PM   #9
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,952

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
D'oh...
Make sure that whole directory tree /var/www/html has the execute bit set:
Code:
chmod +x /var /var/www /var/www/html
 
Old 03-22-2014, 02:49 PM   #10
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Original Poster
Rep: Reputation: 30
755

must be something to do with the sym links?
 
Old 03-22-2014, 04:07 PM   #11
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,952

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Quote:
Originally Posted by plisken View Post
755

must be something to do with the sym links?
Accoding to your 1st post they look correct. What gives:
Code:
ls -ld /srv /srv/httpd /srv/httpd/htdocs
 
Old 03-22-2014, 04:13 PM   #12
yo8rxp
Member
 
Registered: Jul 2009
Location: Romania
Distribution: Ubuntu 10.04 Gnome 2
Posts: 68

Rep: Reputation: 13
try this
Code:
DocumentRoot /srv/httpd/htdocs
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /srv/httpd/htdocs/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

look for .htaccess in htdocs folder and make sure it aint messing up things
is any virtual hosts enabled in apache2.conf ? if so check 000-default configuration , not to override httpd.conf

my raspberry PI works flawlessly upon symlinks , as I deleted /var/www/ folder and ln -s /home/gabriel/www www

Last edited by yo8rxp; 03-22-2014 at 05:09 PM.
 
Old 03-22-2014, 08:29 PM   #13
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 459

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by bathory View Post
Accoding to your 1st post they look correct. What gives:
Code:
ls -ld /srv /srv/httpd /srv/httpd/htdocs
Code:
ls -ld /srv /srv/httpd /srv/httpd/htdocs
gives

Code:
drwxr-xr-x 2 root root    72 Mar 22 18:55 /srv
lrwxrwxrwx 1 root root     8 Dec 15 17:37 /srv/httpd -> /var/www
drwxr-xr-x 6 root apache 296 Mar 22 19:49 /srv/httpd/htdocs
(note: the htdocs from above shows /var/www/htdocs)

ls /var/www -al gives:
Code:
 ls /var/www -al
total 11
drwxr-xr-x 13 root apache  464 Jan  3 13:03 .
drwxr-xr-x 20 root root    536 Dec 21 15:42 ..
drwxr-xr-x  8 root apache  480 Jan  3 13:02 cgi-bin
drwxr-xr-x  3 root apache  976 Aug  5  2013 error
drwxr-xr-x  6 root apache  296 Mar 22 19:49 htdocs
drwxr-xr-x  3 root apache 5216 Aug  5  2013 icons
-rwxr-xr-x  1 root apache   35 Jan  3 12:57 robots2.txt
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www.*[removed].co.uk_
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www.*[removed].com
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www.*[removed].co.uk
drwxr-xr-x  5 root apache  160 Jan  3 12:56 www.*[removed].co.uk
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www.*[removed].com
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www.*[removed].co.uk
drwxr-xr-x  5 root apache  128 Jan  3 12:56 www_template
I'm giving up on this for the time being and just changing the document root to /var/www/htdocs as such, works as expected, when I've more time, I'll dig deeper, probably something simple but for sure this one got me...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache & symbolic links zeky Linux - Software 3 06-19-2008 10:23 AM
Apache 2.2 on FC5 and symbolic links/symlinks pdevr99 Linux - Security 5 04-05-2007 04:56 PM
Apache and Symbolic Links gjagadish Linux - Software 2 12-18-2006 03:43 PM
Problem with Apache and Symbolic Links gjagadish Linux - Security 1 08-12-2006 04:24 AM
Apache and Symbolic Links epeus Linux - General 2 11-10-2002 12:52 AM


All times are GMT -5. The time now is 10:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration