How to make Apache2 to use nfs mount with symlinks
DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to make Apache2 to use nfs mount with symlinks
I have a Debian server (version 8) with Apache2 installed from repository.
I need help making Apache to use an nfs mount and with symlinks
Is running OK and it has Followsymlinks enabled. I know because I tested it using a symlink to a local folder not on the same path of the Document Root.
I have a Windows Server sharing a NSF folder with read and write access to the root user.
I mount it with this command:
Code:
mount -t nfs -o v3,scontext=unconfined_u:object_r:httpd_sys_content_t:s0 192.168.1.2:/FWData /mnt/nfs/external/htmldata
I test it and I can read,write,delete files and folders on the path.
The owner is root:root and the chmod is drxw-rx-rx. I created a folder inside the htmldata path and it has the same privileges (sarg/sarg-reports)
Then I did a symlink at /var/www/html (Document Root) as
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=253483,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=408976k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
vmware-vmblock on /run/vmblock-fuse type fuse.vmware-vmblock (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=204488k,mode=700)
192.168.1.2:/FWData on /mnt/nfs/external/htmldata type nfs (rw,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.1.2,mountvers=3,mountport=1048,mountproto=udp,local_lock=none,addr=192.168.1.2)
/dev/sdb on /diskb type ext4 (rw,relatime,data=ordered)
[Wed Nov 23 12:30:11.211336 2016] [core:error] [pid 75916] [client 192.168.1.2:20629] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/sarg-reports-test
Maybe im missing something but at first blush, your symlink says "sarg-reports-test -> /mnt/nfs/external/sarg/sarg-reports-squid" but you provided the ls -alh output of "/mnt/nfs/external/htmldata/sarg" which is a different directory.
What user does apache run as in Debian?
Also,. I would try making a symlink to index.html and seeing if apache was able to pick up a file in the same directory as the symlink.
Last edited by szboardstretcher; 11-23-2016 at 10:49 AM.
Maybe im missing something but at first blush, your symlink says "sarg-reports-test -> /mnt/nfs/external/sarg/sarg-reports-squid" but you provided the ls -alh output of "/mnt/nfs/external/htmldata/sarg" which is a different directory.
What user does apache run as in Debian?
Also,. I would try making a symlink to index.html and seeing if apache was able to pick up a file in the same directory as the symlink.
Sorry.
I tried a web page on a symlink within the same path (/var/www/html) to a local directory instead of nsf directory and it worked, that is why I know the FollowSymLinks directive is active.
Apache service user run as?
'ps -aux |grep apache2':
[Wed Nov 23 15:12:08.046694 2016] [core:error] [pid 73937] [client 192.168.1.2:22515] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/sarg-reports-test
You have symlinks allowed, and you have a symlink. Fine. That works.
That symlink points to a DIFFERENT directory that is mounted through NFS. And the NFS mount gives that directory its permissions.
Looks like "drwx------ 2 4294967294 4294967294 64 Nov 23" specifically.
Your apache runs as 'www-root' which is a different user and group than '4294967294' and so doesn't have access to that directory.
So - make sure that your /mnt directories allow the www-data user or group and your NFS mount is mounted with the correct permissions to allow www-data user or group. You can also do this by allowing read and execute for 'world/other' for those directories. Files should be chowned similarly.
Last edited by szboardstretcher; 11-23-2016 at 02:00 PM.
You have symlinks allowed, and you have a symlink. Fine. That works.
That symlink points to a DIFFERENT directory that is mounted through NFS. And the NFS mount gives that directory its permissions.
Looks like "drwx------ 2 4294967294 4294967294 64 Nov 23" specifically.
Your apache runs as 'www-root' which is a different user and group than '4294967294' and so doesn't have access to that directory.
So - make sure that your /mnt directories allow the www-data user or group and your NFS mount is mounted with the correct permissions to allow www-data user or group. You can also do this by allowing read and execute for 'world/other' for those directories. Files should be chowned similarly.
The mount point is own by root and the chmod is already with world rx access, so I dont understant .
The mount is own by root because the user that has access to the nfs is root.
Maybe I can add the user www-data to the root group but still being in the www-data group. This way the apache service user will have the access by the group.
Last edited by jetberrocal; 11-23-2016 at 07:06 PM.
I made the www-data user to belong to the root group.
Tried to access the Web site but still gives me Forbidden error.
error.log
Code:
[Tue Nov 29 14:24:29.808438 2016] [core:error] [pid 74050] [client 192.168.1.2:20748] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/sarg-reports-test
I wanted to replicate this out of the box. So I logged into digital ocean and spun up two Debian 8 instances. One I called NFS-server and the other is APACHE-server. Here is the setup I did:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.