How to setup FollowSymLinks? - apache

I am trying to have Apache follow a symlink to a raid array server that will contain some large data files. I have tried modifying httpd.conf to have an entry like this
<Directory "/Users/imagine/Sites">
Options FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>
to have Apache follow any sym link in the Sites folder.
I keep getting an error return that seems to indicate I don't have any permissions to access the files. The error is:
Forbidden
You don't have permission to access
/~imagine/imageLibraryTest/videoClips/imageLibraryVideos/imageLibraryVideos/Data13/0002RT-1.mov
on this server.
The sys link file is the last "imageLibraryVideos" in the line with the Data13 being the sub dir on the server containing the file.
The 0002RT-1.mov file hase these permissions:
-rwxrwxrwx 1 imagine staff 1138757 Sep 15 17:01 0002RT-1.mov
and is in this path:
cd /Volumes/ImagineProducts-1/Users/imagine/Sites/imageLibraryVideos/Data13
the link points to:
lrwxr-xr-x 1 imagine staff 65 Sep 15 16:40 imageLibraryVideos -> /Volumes/ImagineProducts-1/Users/imagine/Sites/imageLibraryVideos

I had the same problem last week and the solution was pretty simple for me.
Run:
sudo -i -u www-data
And then try navigating the path, directory by directory. You will notice at some point that you don't have access to open the dir.
If you get into the last directory, check that you can read the file (with head for example).

Look in the enclosing directories. They need to be at least mode 711. (drwx--x--x)
Also, look in /var/log/apache2/error_log (Or whatever the concatenation of ServerRoot and ErrorLog is from the httpd.conf) for a possibly more-detailed error message.
Finally, ensure you restart apache after messing with httpd.conf.

You should also look at bind mounts rather than symlinks - that would allow you to remount a given path at a new point. The following is an example:
mount --rbind /path/to/current/location/somewhere/else /new/mount/point
You can also edit your fstab to do this at boot:
/path/to/original /new/path bind defaults,bind 0 0

This is a permissions problem where the user that your web server is running under does not have read and/or execute permissions to the necessary directories in the symbolic link path. The quick and easy way to check is to su - web-user (where web-user is the user account that the web server is running under) and then try to cd into the path and view the file. When you come across a directory that you don't have permission to enter, you'll have to change the permissions and/or ownership to make it accessible by the web server user account.

Related

Can't ssh into Apache server after changing file ownership?

I changed the owner of some of the folders on our Apache web server to my username so I could make edits, I changed them all back to the root. I was using sudo chown username:group -R *. Now no one can SSH in to the server. I have no idea what the problem could be. Changes I made:
Misc web edits in var/www/html
Created .htaccess file from here in /var/www/html (was trying to enable gzip)
Changed the "AllowOverride" from "None" to "All" here (was trying to enable the .htaccess file) in /etc/httpd/conf:
#
# AllowOverride controls what directives may be placed in .htaccess files
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
In order to do all of this I needed to change the owner of the folders to my username, which I did. Then I changed them back. Presto change-o, no one can log in. How did I screw up?
The first thing you need to do is ask someone to SSH in debug mode. You can turn debugging on with the -v flag. For example, ssh -v user#hostname.
The most likely cause for your troubles is you have auth set to public key only, and the permissions for the .ssh folder in each user's home directory on the server is incorrect. Verify:
the .ssh directory permissions to be 700 (drwx------) on the server
the public key (.pub file) to be 644 (-rw-r--r--)
the private key (id_rsa) on the user's machine should be 600 (-rw-------)
lastly, each user's home directory (on the server) should not be writeable by the group or others (at most 755 (drwxr-xr-x))
See this answer for more info.

Unable to get access to specific directory to run a site on ec2

Still fairly new to ec2, I made a new directory as /home/user/www. Opened ftp service that allows git commits to be pushed to the server. This works fine as I can see the files come up. The problem being when I run my site, the Apache test page pops up and when I try opening a page in /home/user/www directory, it says Forbidden, you don't have permission to access / on this server.
I have successfully changed the DocumentRoot
DocumentRoot "/home/user/www"
AllowOverride None
# Allow open access:
Require all granted
and Directory in httpd.config to /home/user/www, all but to no result.
Any help is appreciated. Permissions are 777 for test basis but still no success. User is the owner of all the files in www
Solved my own question. Permissions need to be set on the third directory i.e., www. Therefore, I did chmod 755 ~/www.
Worked like a charm

Apache can't serve DocumentRoot : no execute permission error

I am trying to migrate a web application from a Slackware config of Apache to a CentOS 7 one. DocumentRoot set to /home/STORAGE and there is a simple index.html file in it for testing. Both /home/STORAGE and index.html have 777 permissions set, yet Apache reports :
access to /index.html denied ... because search permissions are missing on a component of the path.
On the other hand, phpMyAdmin works fine, configured with a separate .conf file in /etc/httpd/conf.d . I tried using their example to make a .conf file for my app, but it still reports the same error. I don't even know where to start looking here.
EDIT:
I think this has something to do with the user of Apache. It is set to a local user in httpd.conf not to root, but the only pages the server serves are those in directories owned by root.
It was not a permission error but a Selinux issue. I decided to use the default /var/www/html for the application but still, had to allow write access to some dirs. Here is what I typed:
sudo chcon -t httpd_sys_rw_content_t /some/dir/in/var/www/html -R
The first time I typed it without -R and the permissions didn't change (check with ls -Z /dir/path). Now it is fine.

Document root must be a directory RHEL6

Respected Members,
I am a newbie to linux. Preparing for my RHCSA exam. I have an error in apache conf which I am unable to solve it. If any member gives me any suggestion regarding this, it will be a great help.
Okay so here is the task which I am trying to perform:
******* YUM Server With HTTP *****
I have copied the whole RHEL6 dvd into my desktop in a directory called "rhelrepo". After that created a database with "createrepo" inside "Packages" folder. Modified httpd server config file with Alias "/repo" pointed towards the directory "/home/admin/Desktop/rhelrepo".
Created directory
order allow,deny
allow from all
Options Indexes FollowSymLinks
Disabled selinux, firewall. Restarted the httpd service, it is not accessible. After that I changed the Document root to the appropriate folder /home/admin/Desktop/rhelrepo , it says that "Document Root Must Be A Directory".
I am struggling to find the solutions for this. I have applied the solutions which is provided in this forum but still no luck. Will appreciate any help from the members
Thanks
This is typically either an SELinux issue or a typo in your configuration. Please check that the documentroot directive does not contain any weird quote characters or full stops or the like. If possible, post your actual DocumentRoot configuration line in this question.
Also, you could run namei -m /home/admin/Desktop/rhelrepo to make sure the system sees your directory as an actual directory.

How do I make Apache read symlinks to different partition?

I have Linux Mint 13 with two ext4 partitions, one for / and one for /home. I just installed LAMP. It works fine except that Apache won't read symlinks that target the second partition. The server's document root is set to /var/www.
What I'm trying to do is create symlinks for each website in www to link to /home/my-username/Documents/mywww/website_name so I can access it via localhost/website_name.
I enabled FollowSymLinks and removed SymLinksIfOwnerMatch. I also gave 777 permission to the symlink itself and to the mywww folder and all its contents. But it just doesn't work.
The error log says "Symbolic link not allowed or link target not accessible". Setting the document root to /home/my-username/Documents/mywww/website_name also diesn't work and prints "(13) Permission denied: Access to / denied" to the error log.
I hope someone can help me out here.
EDIT: added some paragraphs
This sounds like a permission/ownership issue if you have Options FollowSymLinks already set in httpd.conf. What are your permissions for the Documents dir? Its usually 700 by default. Setting it to chmod 705 or chmod 755 may work.