error 403 Forbidden symbolic link not allowed
i'm running apache and big brother and after using webmin, i can't view anything in the bb directory. everything else running on apache on my box is fine, but when i go to my bb page it gives me a 403 Forbidden error.
"You don't have permission to access /bb/ on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
when i check the httpd error log it says symbolic link not allowed. i do have the bb directory symbolically linked, but all my httpd files say to allow symlinks.
any suggestions? ideas??
check does apache has permissions to access this directory
Im having the same problem, how do you check if apache has permissions?
check what is the user that httpd runs as. In Redhat it is usually 'apache' (not sure how is in Mandrake - you can find this out in your httpd.conf - directive 'User')
then check permissions of the folder you're trying to access via http - user 'apache' must be able to read/execute it. And not only the current dir, but all it parent dirs too ('execute' is enough for parents - no need of 'read'). For example:
drwxr-xr-x 2 root root 4096 Feb 6 1996 example
you can see the dir is owned by root, but group and others has r-x permissions - so everyone can cd in to 'example' and can read it content.
But if you have it like this:
drwxr-x--- 2 root root 4096 Feb 6 1996 example
drwx------ 2 root root 4096 Feb 6 1996 example
apache will not be able to read contents of this dir.
if you change it to be like this:
drwxr-x--- 2 root apache 4096 Feb 6 1996 example
or make the dir owned by apache:
drwx------ 2 apache somegroup 4096 Feb 6 1996 example
apache will be able to access it.
You can also assign apache to the approrative group and make the dir accessible by group members.
I'm having a similar problem. I am running Fedora Core 3 and I get several error messages when I try to access a page on my website. The page I'm trying to access has content on my Windows XP box. I created a symbolic link to that DIR (this worked very well on RH9). When I boot up I get an error that says "Invalid line in /etc/fstab" I also get the "Symbolic link not allowed:" not allowed when I try to access the page. I can however access the files on my XP machine from my FC3 box so I know the connection between the two PCs are working. I have set the DIRS of /var/www/html/pics (symbolic link) to r-xr-xrwx and the /mnt/pics to r-x-r-x-rwx. The link in my fstab is as follows:
mount -t smbfs //"ip of windows machine"/pics /mnt/pics -o username="username of account on xp",password="usernames password"
I have changed the info in " " to protect the innocent.
Any Ideas on what to do next?
I experienced the same issue.
It turned out to be selinux that is the cause.
Selinux be default locks down Apache in order to prevent
both malicious behaviour, and to prevent people from
shooting themselves in the foot security wise.
Have a read up on selinux policy settings as you will need
to either modify the way you have BB setup, modify the
standard selinux policies, or disable selinux
The files you want to peruse are under /etc/selinux.
I'm seeing the same thing on SLES9.
I su'ed into wwwrun (using -s /bin/bash to get a shell) and I cannot traverse the link (Permission denied). What's more, if I cd into the link then su the pwd becomes the dereferenced directory.
Found a workaround.. and maybe an answer
I was doing some more searching and found an interesting workaround:
>My work around was I did a loopback device--
>mount --bind /var/www/html/htdocs /home/userid
>this worked like a charm.
This was related to an FTP issue. The problem was that when someone FTP'd into the server they were chroot'd into their directory and the symbolic link would of taken them out of their jail. I'm not sure why I cannot follow the link when I su into wwwrun, but the workaround works.
This is the reason why I love this forum. I have been banging my head on the desk trying all sorts of things, 2 minutes to read this thread and the simple idea and the problem was solved. :D
|All times are GMT -5. The time now is 11:40 PM.|