[SOLVED] Apache server: permission and symbolic link problem

zunnoorainfarooqui · 05-29-2014, 09:30 AM

Hi,

I am using Centos(Linux 2.6.32-431.11.2.el6.x86_64). I am trying to create an Apache2.2.15 web server. Every thing configured very well. My DocumentRoot is the default location i.e.

Code:

/var/www/html

I am able to create symbolic link which works perfectly. for example I can create a link for the configuration directory i.e.

Code:

ln -s /etc/httpd/conf/ /var/www/html/conf

I also made a symbolic link to the home directory but it is not working. When I test my web-server it gave me the following error

Code:

Forbidden

You don't have permission to access /test1/home/ on this server.

Apache/2.2.15 (CentOS) Server at my-PC Port 80

the web-server is running as an abc user(abc is a regular user and has home directory access). The permission of the home directory is

Code:

drwxr-xr-x.   6 abc abc  4096 May 29 14:47 home

The concerning part of httpd.conf is given below

Code:

<Directory "/">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Allow from all
</Directory>
<Directory "/var/www/html/">
 Options Indexes FollowSymLinks Includes ExecCGI
 AllowOverride All
 Allow from all
</Directory>

Can any body suggest me how can I create a symbolic link for the home directory or for the /home/abc/Download directory?

Thanks in advance for any kind of assistance

Regards

potato_farmer · 05-29-2014, 10:25 AM

First, do not symlink your conf dir to your /var/www/html dir. Really bad idea.

Second, try not to create symlinks for things you want to serve. Here's a better way:

In apache config:

Alias /download /home/abc/Download
<Directory "/home/abc/Download">
options go in here
</Directory>

Also, if you have SELINUX running, you'll need to modify that directory as a permitted type for apache, or disable SELINUX.

zunnoorainfarooqui · 05-29-2014, 11:07 AM

Thanks for your kind reply.

Quote:

First, do not symlink your conf dir to your /var/www/html dir. Really bad idea.

I do agree with you, I wrote it just to emphasis that, I am able to create the symbolic link

I already disable the SELINUX

as per your advice I added the lines in the httpd.conf. So now the updated conf file is look like this

Code:

<Directory "/">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Allow from all
</Directory>
<Directory "/var/www/html/">
 Options Indexes FollowSymLinks Includes ExecCGI
 AllowOverride All
 Allow from all
</Directory>
Alias /download /home/abc/Download
<Directory "/home/abc/Download">
 Options Indexes FollowSymLinks Includes ExecCGI
 AllowOverride All
 Allow from all
</Directory>

but still I am unable to see the download directory on the server

any suggestion?

regards

potato_farmer · 05-29-2014, 11:10 AM

What happens when you go to /download in a browser?
And what do the logs show?

zunnoorainfarooqui · 05-29-2014, 11:34 AM

I can not see the download folder in the browser

here is the last line of the /var/log/httpd/error_log file

Code:

[Thu May 29 18:27:49 2014] [error] [client ##########] File does not exist: /var/www/html/favicon.ico

bathory · 05-29-2014, 12:46 PM

Quote:

<Directory "/">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Allow from all
</Directory>

You must not allow webserver to access the / directory for security reasons.

Regarding the Alias, clear you browser cache and visit /download. Post what is shown on your browser and the error you get in error_log.

Regards

zunnoorainfarooqui · 05-30-2014, 06:27 AM

Thanks for your kind reply.

In order to avoid all the mess I reconfigured everything with the new user "test"

My DocumentRoot is pointed to "/var/www/html" and in addition to that, I want to add a webserver directory(which is located under /home/test/ directory) through Alias.

here is my /etc/httpd/conf/httpd.conf file

Code:

DocumentRoot "/var/www/html"
<Directory "/var/www/html">
   Options Indexes FollowSymLinks
   AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Alias /webserver /home/test/webserver
<Directory "/home/test/webserver">
   Options Indexes FollowSymLinks
   AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Here is the content of my DocumentRoot /var/www/html/ directory

Code:

drwxr-xr-x 2 test test 4096 May 30 12:27 documents
drwxr-xr-x 2 test test 4096 May 30 11:50 pictures
drwxrwxr-x 2 test test 4096 May 30 12:18 video
-rwxr-xr-x 1 test test   21 May 30 11:52 worksheet.txt

Here is the permission setting of home direcoty

Code:

drwxr-xr-x.   6 test    test     4096 May 30 11:54 home

Here is the permission setting of test direcoty

Code:

drwxr-xr-x   5 test test  4096 May 30 13:02 test

Here is the permission setting of webserver direcoty

Code:

drwxr-xr-x 4 test test 4096 May 30 11:56 webserver

Here is the content and permission setting under the webserver direcoty

Code:

-rwxr-xr-x 1 test test   30 May 30 11:56 calender.txt
drwxr-xr-x 2 test test 4096 May 30 11:55 images
drwxr-xr-x 2 test test 4096 May 30 11:56 resutls

When I visit the webpage I see the following content

Code:

                                                              Index of /

   [ICO] Name Last modified Size Description
     ________________________________________________________________________________________________________________________________________________________

   [DIR] documents/ 30-May-2014 12:27 -
   [DIR] pictures/ 30-May-2014 11:50 -
   [DIR] video/ 30-May-2014 12:18 -
   [TXT] worksheet.txt 30-May-2014 11:52 21
     ________________________________________________________________________________________________________________________________________________________


    Apache/2.2.15 (CentOS) Server at localhost Port 80

Here is the content of my /var/log/httpd/error_log file

Code:

[Fri May 30 13:07:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2 configured -- resuming normal operations

Apache server is running by "test" user with SELINUX=disabled

In principle I should see the webserver directory on the webpage but it is not there

Do you have any idea about it

If I create a symbolic link, then I am able to go inside the webserver directory(its mean that, there is no permission issue) but with the Alias I can't go inside the webserver directory

Regards

bathory · 05-30-2014, 03:19 PM

Quote:

In principle I should see the webserver directory on the webpage but it is not there

Do you have any idea about it

If I create a symbolic link, then I am able to go inside the webserver directory(its mean that, there is no permission issue) but with the Alias I can't go inside the webserver directory

If you use an Alias the URL to it is: http://server/webserver. It is not shown under the directory listing of /var/www/html
If you use a symlink, the URL is the same (http://server/webserver) and you can see the symlink in the directory listing

Regards

zunnoorainfarooqui · 05-30-2014, 04:43 PM

Code:

If you use an Alias the URL to it is: http://server/webserver. It is not shown under the directory listing of /var/www/html

Thanks a lot. I never knew this fact

Now every thing is working

In addition to that, may I ask some thing apart from the apache server?

Now I am able to acess the server inside my university. but I can not access it from my home

do you have any idea, what could be the probable reason

regards

bathory · 05-31-2014, 03:28 AM

Quote:

Now I am able to acess the server inside my university. but I can not access it from my home

do you have any idea, what could be the probable reason

You have to open port 80 on the university firewall and forward it to your box.

zunnoorainfarooqui · 06-01-2014, 01:11 PM

Quote:

You have to open port 80 on the university firewall and forward it to your box.

But I have a fixed/static IP and I am able to access my PC from my home through SSH or rdesktop.

do you think it is a firewall problem. How can I check that, port 80 is block by the firewall

Thanks in advance

bathory · 06-02-2014, 02:05 AM

Quote:

Originally Posted by zunnoorainfarooqui

But I have a fixed/static IP and I am able to access my PC from my home through SSH or rdesktop.

do you think it is a firewall problem. How can I check that, port 80 is block by the firewall

Thanks in advance

To check if port 80 is closed by a firerwall in your box run:

Code:

iptables -nvL|grep 80

If it's open, then it's your university firewall that blocks it.

Regards

zunnoorainfarooqui · 06-02-2014, 06:51 AM

First of all thanks a lot in order to accomodate all my queries.

Here is the status of my firewall

Code:

sudo iptables -nvL | grep 80
    7   288 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80

Its mean that, there is no problem on my PC firewall. Its mean that the port is block in the unicersity firewall. Is there any work around to bypass the firewall or any otherway in order to access the webserver

Regards

bathory · 06-02-2014, 07:48 AM

Quote:

Originally Posted by zunnoorainfarooqui

Its mean that, there is no problem on my PC firewall. Its mean that the port is block in the unicersity firewall. Is there any work around to bypass the firewall or any otherway in order to access the webserver

Regards

The only thing you can do, is to find a port that is open at your university firewall and configure apache to listen on that port. I guess you cannot mess with the university firewall and use NAT to forward that port to port 80 of your box

zunnoorainfarooqui · 06-02-2014, 09:16 AM

Anyway, thanks a lot

It was a very informative chat with you

Regards