www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis MV <De...@chosenpathways.com>
Subject config/6694: httpd doesn't follow symlinks outside its /usr/local/apache/htdocs folder (I read bug reports 121,480,2477 -- still didn't fix my problem
Date Mon, 16 Oct 2000 13:23:04 GMT

>Number:         6694
>Category:       config
>Synopsis:       httpd doesn't follow symlinks outside its /usr/local/apache/htdocs folder
(I read bug reports 121,480,2477 -- still didn't fix my problem
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Mon Oct 16 06:30:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Denny@chosenpathways.com
>Release:        1.3.14
>Organization:
apache
>Environment:
Linux RedHat 6.2
Linux server 2.2.14-5.0 #1 Tue Mar 7 20:53:41 EST 2000 i586 unknown
mod_perl-1.24_01
compiler: egcs-2.91.66
perl, version 5.005_03
>Description:
httpd can read files from /usr/local/apache/htdocs folder
i.e. http://localhost/index.html reads just fine, but
http://localhost/singles/index.html gives me a 403 error
singles is a ln -s made link:
---------
[root@server htdocs]# pwd
/usr/local/apache/htdocs
[root@server htdocs]# ls -l singles
lrwxrwxrwx    1 nobody   nobody         29 Oct 16 06:47 singles -> /home/singles
/singles/htdocs/
---------
However, If I create a symlink like
lrwxrwxrwx    1 nobody   nobody         29 Oct 16 06:47 boo -> manual
where manual is the doc folder for apache, 
http://localhost/manual/index.html and
http://localhost/boo/index.html work all right
---------
I have FollowSymLinks in my httpd.conf file.
I also have virtual host created on another IP, but neither
http://localhost/singles nor
http://192.168.0.10/ work 
---------
Snips from httpd.conf
DocumentRoot "/usr/local/apache/htdocs"

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
<VirtualHost 192.168.0.10>
ServerName singleslibrary.com
ServerAdmin webmaster@singleslibrary.com
DocumentRoot /usr/local/apache/htdocs/singles/
TransferLog logs/singleslibrary.com-access_log
<Directory "/home/singles/singles/htdocs">
    Options FollowSymLinks
    AllowOverride None
</Directory>
Alias /htdocs/ "/usr/local/apache/htdocs/"
</VirtualHost>
>How-To-Repeat:
try creating a symlink from /usr/local/apache/THESYMLINK
to a home user directory, like /home/$user/htmlfolder.  Theoretically you should not be able
to access /home/$user/htmlfolder from the web through the symlink .. 
>Fix:
No, nothing worked so far, so I hope maybe somebody will shine a light on it.. I've tried
changed ownership to for symlink and the user directories it was pointing to to root(chown,
chgrp), to nobody and to the user himself.  all the files are world-wide readable (I hope,
unless there is a specific way to make them that way)  but they are all chmod 0644.  There
are no hidden .htaccess files either... I did a find / -name .htaccess as root and didn't
find any except one example somewhere deep in perl folders (but that's an irrelevant one)
I also read bug reports 121,480,2477  and tried all the suggestions but they didn't work.
I hope I didn't miss anything.  I also took the httpd.conf file directly from a server where
the symlinks work, but for some reason they don't work on my server.
One thing that will work is to delete the symlink, create a directory singles and move all
the files from /home/singles/singles/httpd to /usr/local/apache/htdocs/singles  ... but I'd
rather not .. unless I really really really have to.  thanks.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message