Hi I have several domains that would like to access the same image repository. Is there an easy way of doing this? I am running plesk on linux.
I have found this page https://httpd.apache.org/docs/2.4/mod/core.html#directory. with this syntax to be put in the additional directives for http and https sections in the server settings.
will this
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
</Directory>
allow me to read and write to those directories?
FollowSymLinks option will allow exactly it - Apache will be able to process data which is not physically located inside domain directory, but is referred to by a symlink located inside domain directory.
There are two major points that you should be aware of:
1. You should have sufficient permission for system users of the domain which will be accessing shared files on the directory which contain these files. Basically, chmod 666 will do the job, but it is up to you how exactly set up rights to maintain desirable security level.
2. If websites are using PHP code, you should ensure that shared directory is included in open_basedir value.
This link can be useful - How to change open_basedir parameter for all domains?
Related
I am trying to set up a WebDav server using sabre/dav. I got it set up and running and as long as I serve up files form with in the web server root (like /var/www/mydocs) I can access them in read-write mode. However, when I move sabre’s root directory to be like /mnt/mydocs I can only access them in read only mode. I do not think it is file permissions because I set them up the same both places and gave apache full access to both. I think it might be apache directory access directives but I have not found any combination that works. The last thing I tried in the apache config file was something like this.
<Directory “/mnt/mydocs”>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Any ideas? Thanks for your help.
I have a question about the Apache's Directory directive, here is what they say in the docs (http://httpd.apache.org/docs/2.4/mod/core.html#directory):
Note that the default access for <Directory "/"> is to permit all access. This means that Apache httpd will serve any file mapped from an URL. It is recommended that you change this with a block such as
<Directory "/">
Require all denied
</Directory>
But how will Apache do what they say (serve any file mapped from an URL) if I have only DocumentRoot set up, e.g.:
DocumentRoot "/usr/local/apache/htdocs"
No Alias "/some/webspace/path" "/", UserDir or other URL mapping rules which map to the root / directory of the system?
In another section of the docs (Security Tips http://httpd.apache.org/docs/2.4/misc/security_tips.html#protectserverfiles), they make a half-full example of UserDir as I can guess:
One aspect of Apache which is occasionally misunderstood is the
feature of default access. That is, unless you take steps to change
it, if the server can find its way to a file through normal URL
mapping rules, it can serve it to clients.
For instance, consider the following example:
# cd /; ln -s / public_html
Accessing http://localhost/~root/
This would allow clients to walk through the entire filesystem. To work around this, add the following block to your server's configuration:
<Directory "/">
Require all denied
</Directory>
This will forbid default access to filesystem locations.
Is what they say about the Directory directive at http://httpd.apache.org/docs/2.4/mod/core.html#directory just a warning in the case you use modules like mod_userdir like they then show at http://httpd.apache.org/docs/2.4/misc/security_tips.html#protectserverfiles? Or is there something else, maybe a little detail about Directory not given in the doc?
Thanks for the attention!
In Apache, there are unlimited hypothetical plugins/directives that could change only how a URL is mapped to the filesystem. Obvious/mainstream ones are DocumentRoot, Alias, AliasMatch, RewriteRule, UserDir etc. But there's no telling what other ones might exist.
Apache simply separates the URI to filesystem mapping completely from whether the core is willing to actually serve from that filesystem location.
There are a few ways you can accidentally expose things, like with mod_rewrite, and the default configuration file protects you from this with the defaults on <Directory />. The manual is not good at always emphasizing the differences in the compiled-in defaults and the contents of the default conf. The latter can change when repackaged which is tricky.
Well, I have a website in apache directory: /var/www/html. Previously I had all my web images in /var/www/html/media, so I used to put /media/imgX.jpgfor loading them. but now I need to put them in /mnt/imgs.
For some reason, using this path does not work the same way as before.
I think it has something to do with permissions using files from outside apache directory but I am not sure about it. Any idea?
The easiest way to add directories to Apache httpd is to use the "alias" module:
Alias /images "/mnt/imgs"
<Directory "/mnt/imgs>
Options Indexes
AllowOverride All
Require all granted
</Directory>
Once you have set up this, test it with: "yourdomain.com/images".
Of course:
The directory "/mnt/imgs" need the appropriate rights, so Apache Httpd can access it. Therefore you need to find out the group it runs with.
These files will be available to the public, if you dont secure them.
Once this is functional, remove the "indexes" line from the snippet above.
My only virtual host in Apache has /var/www/html as its document root, that html is a symbolic link to something like /home/yanzs/web/some-project/. I am doing this so that I can easily work on a new web project without create a new virtual host in apache. So here is my problem, when I access localhost, it says
Forbidden
You don't have permission to access / on this server.
How can I set permissions for that "/home/yanzs/web/some-project/" directory, or better its parent directory "/home/yanzs/web/"?
Here is the default setting for /var/www/ directory, does the FollowSymLinks option automatically set permissions for directories that are the targets of symbolinks under /var/www?
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Update: I also tried to use the Alias setting, does not work either.
Update 2: If I set the document root as /var/www/html, and create a symbolic link under html directory, pointing to /var/www/project. Then it works, and the Alias method works too. It seems that it has something todo with the owner or other file permission settings. All files and folders under /var/www are owned by root, while those under /home/yanzs/web are owned by yanzs.
Solution:
It turns out that permission on all parent directories matters, too. One of the parent directory is copied from Windows and does not have the required permission by default. See (13) Permission Denied for more details. One lesson learned is never forget to check the error logs, even if you know permissions are relevant from output of browser.
It turns out that permission on all parent directories matters, too. One of the parent directory is copied from Windows and does not have the required permission by default. See (13) Permission Denied for more details. One lesson learned is never forget to check the error logs, even if you know permissions are relevant from output of browser.
How can I get Apache to display the contents of my folder and provide links to them? Similar to http://www.kernel.org/pub/linux/?
I don't have access to the Apache configuration, so I'm looking for something in the way of .htaccess or something I can do in just my home folder.
You have to use the option Indexes in the Apache configuration.
For instance, in the .htaccess file for your directory (if you can use those, and have sufficient privileges), you could put :
Options +Indexes
This functionality is provided by mod_autoindex, which has lots of options to allow fine-tuning of the generated output, btw
To get this working, that module must be loaded, and to be able to activate the option in an .htaccess file, you will need the admin of the server to give you some privileges (with the AllowOverride directive in the Apache's main config file, if I remember correctly -- well, your admin should know that better than me anyway ^^ )