followsymlinks not working

11/02/2007, 09h36

Please as this is driving me nuts. There follows my
sites-available/defaults file. Notice the followsymlinks option in the
root section and the "mydef" default redirection. mydef is a symbolic
link to a web in my home directory.

lrwxrwxrwx 1 root root 27 2007-02-11 09:04 mydef -> /home/richard/web

Yet when I try to access localhost I get:

"You don't have permission to access /mydef on this server."

The error log says:

"[Sun Feb 11 10:33:46 2007] [error] [client 127.0.0.1] Symbolic link not
allowed: /var/www/mydef"

Where have I gone wrong? Is something elsewhere overriding my
followsymlinks option?

(yes, I did restart apache).

,----
| NameVirtualHost *
| <VirtualHost *>
| ServerAdmin webmaster@localhost
|
| DocumentRoot /var/www/
|
| <Directory /var/www/>
| Options Indexes FollowSymLinks MultiViews
| AllowOverride None
| Order allow,deny
| Allow from all
| # Uncomment this directive is you want to see apache2's
| # default start page (in /apache2-default) when you go to /
| # RedirectMatch ^/$ /apache2-default/
| RedirectMatch ^/$ /mydef/
| </Directory>
|
| ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
| <Directory "/usr/lib/cgi-bin">
| AllowOverride None
| Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
| Order allow,deny
| Allow from all
| </Directory>
|
| ErrorLog /var/log/apache2/error.log
|
| # Possible values include: debug, info, notice, warn, error, crit,
| # alert, emerg.
| LogLevel warn
|
| CustomLog /var/log/apache2/access.log combined
| ServerSignature On
|
| Alias /doc/ "/usr/share/doc/"
| <Directory "/usr/share/doc/">
| Options Indexes MultiViews FollowSymLinks
| AllowOverride None
| Order deny,allow
| Deny from all
| Allow from 127.0.0.0/255.0.0.0 ::1/128
| </Directory>
|
| </VirtualHost>
`----

--

11/02/2007, 09h53

Richard <rgrdev@gmail.com> writes:

> Please as this is driving me nuts. There follows my
> sites-available/defaults file. Notice the followsymlinks option in the
> root section and the "mydef" default redirection. mydef is a symbolic
> link to a web in my home directory.
>
> lrwxrwxrwx 1 root root 27 2007-02-11 09:04 mydef -> /home/richard/web
>

Problem solved *slaps head*,

"chmod 755 ~"

Q: what is the best way in linux to give permission to apache to read my
home dir but no one else?

Create a "dbfriends" group and add myself and apache to it? What is
apaches user name? www-data?

This is all new to me.

11/02/2007, 10h05

On 2007-02-11, Richard <rgrdev@gmail.com> wrote:
> Q: what is the best way in linux to give permission to apache to read my
> home dir but no one else?

Unless you run apache as a user that can read your dirs, none. The point
is, if apache can read your dirs/files, everybody will. If you have
this kind of problems, don't put your homedir on the web. Make a directory
under the www-root, give full permissions to it (chmod 755), assign
ownership to yourself, and make a symlink _from_ your home dir to this
directory so you can write in it like it was in your home dir. No need
for the 'follow sym link' bit and maximum security: nobody will read your
home dir 'cause is not there.

Just remember to give full read permissions to all the files and dirs
you create in there (chmod 755/644).

Davide

--
A woman is an occasional pleasure but a cigar is always a smoke.
-- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)

11/02/2007, 09h36	#1
Richard Messages: n/a Hébergeur:	followsymlinks not working Please as this is driving me nuts. There follows my sites-available/defaults file. Notice the followsymlinks option in the root section and the "mydef" default redirection. mydef is a symbolic link to a web in my home directory. lrwxrwxrwx 1 root root 27 2007-02-11 09:04 mydef -> /home/richard/web Yet when I try to access localhost I get: "You don't have permission to access /mydef on this server." The error log says: "[Sun Feb 11 10:33:46 2007] [error] [client 127.0.0.1] Symbolic link not allowed: /var/www/mydef" Where have I gone wrong? Is something elsewhere overriding my followsymlinks option? (yes, I did restart apache). ,---- \| NameVirtualHost * \| <VirtualHost *> \| ServerAdmin webmaster@localhost \| \| DocumentRoot /var/www/ \| \| <Directory /var/www/> \| Options Indexes FollowSymLinks MultiViews \| AllowOverride None \| Order allow,deny \| Allow from all \| # Uncomment this directive is you want to see apache2's \| # default start page (in /apache2-default) when you go to / \| # RedirectMatch ^/$ /apache2-default/ \| RedirectMatch ^/$ /mydef/ \| </Directory> \| \| ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ \| <Directory "/usr/lib/cgi-bin"> \| AllowOverride None \| Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch \| Order allow,deny \| Allow from all \| </Directory> \| \| ErrorLog /var/log/apache2/error.log \| \| # Possible values include: debug, info, notice, warn, error, crit, \| # alert, emerg. \| LogLevel warn \| \| CustomLog /var/log/apache2/access.log combined \| ServerSignature On \| \| Alias /doc/ "/usr/share/doc/" \| <Directory "/usr/share/doc/"> \| Options Indexes MultiViews FollowSymLinks \| AllowOverride None \| Order deny,allow \| Deny from all \| Allow from 127.0.0.0/255.0.0.0 ::1/128 \| </Directory> \| \| </VirtualHost> `---- --

11/02/2007, 09h53	#2
Richard Messages: n/a Hébergeur:	Re: followsymlinks not working Richard <rgrdev@gmail.com> writes: > Please as this is driving me nuts. There follows my > sites-available/defaults file. Notice the followsymlinks option in the > root section and the "mydef" default redirection. mydef is a symbolic > link to a web in my home directory. > > lrwxrwxrwx 1 root root 27 2007-02-11 09:04 mydef -> /home/richard/web > Problem solved slaps head, "chmod 755 ~" Q: what is the best way in linux to give permission to apache to read my home dir but no one else? Create a "dbfriends" group and add myself and apache to it? What is apaches user name? www-data? This is all new to me.

11/02/2007, 10h05	#3
Davide Bianchi Messages: n/a Hébergeur:	Re: followsymlinks not working On 2007-02-11, Richard <rgrdev@gmail.com> wrote: > Q: what is the best way in linux to give permission to apache to read my > home dir but no one else? Unless you run apache as a user that can read your dirs, none. The point is, if apache can read your dirs/files, everybody will. If you have this kind of problems, don't put your homedir on the web. Make a directory under the www-root, give full permissions to it (chmod 755), assign ownership to yourself, and make a symlink _from_ your home dir to this directory so you can write in it like it was in your home dir. No need for the 'follow sym link' bit and maximum security: nobody will read your home dir 'cause is not there. Just remember to give full read permissions to all the files and dirs you create in there (chmod 755/644). Davide -- A woman is an occasional pleasure but a cigar is always a smoke. -- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email