LAMP webserver pattern
Apache/2.4.51 (Linux/SUSE)
the access_compat_module (shared) is loaded
using the default apache2 site of /srv/www/htdocs with no change to any .conf file - working
browser displays ‘It Works!’
then change to using a symbolic link
ln -s htdocs htd
host01:/srv/www # l
total 4
drwxr-xr-x 1 root root 32 Jun 12 13:31 ./
drwxr-xr-x 1 root root 6 Jun 8 11:08 …/
drwxr-xr-x 1 root root 0 Mar 15 2022 cgi-bin/
lrwxrwxrwx 1 root root 6 Jun 12 13:31 htd → htdocs/
drwxr-xr-x 1 root root 62 Jun 8 11:08 htdocs/
And change the apache2 default-server.conf
from
DocumentRoot “/srv/www/htdocs”
Configure the DocumentRoot
<Directory “/srv/www/htdocs”>
Options None
AllowOverride None
# Controls who can get stuff from this server.
<IfModule !mod_access_compat.c>
Require all granted
Order allow,deny
Allow from all
to
DocumentRoot “/srv/www/htd”
Configure the DocumentRoot
<Directory “/srv/www/htd”>
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
the browser gets a
Access forbidden!
You don’t have permission to access the requested directory. There is either no index document or the directory is read-protected.
If you think this is a server error, please contact the webmaster.
Error 403
the apache error log states
[core:error] [pid 13442] [client 172.16.150.0:57093] AH00037: Symbolic link not allowed or link target not accessible: /srv/www/htd
no rights have changed - nothing changed exept the symbolc link & the document root directory
Who are the owners on the source directory and the symlink? From what little I’ve been able to find, the owner of the symlink needs to match the owner of the directory or Apache won’t have access. You might be able to use the -SymLinksIfOwnerMatch option to override this behavior.
Can you please use the </> button from the post editor?
Select the piece of code you show and then click that. Only so can we see the formatted text as you see them on your terminal.
Example:
henk@boven:~/test/bestanden> l
total 336
drwxr--r-- 2 henk wij 4096 Feb 24 2018 ./
drwxr-xr-x 8 henk wij 4096 Jan 21 14:15 ../
-rw-r--r-- 1 henk wij 3964 May 10 2013 ASH.html
-rw-r--r-- 1 henk wij 122 May 10 2013 WARNING_README.txt
-rw-r--r-- 1 henk wij 84 Feb 24 2018 doubles
-rw-r--r-- 1 henk wij 796 May 10 2013 index.html
-rw-r--r-- 1 henk wij 157943 May 10 2013 verf.gif
-rw-r--r-- 1 henk wij 157943 May 10 2013 verf.jpeg
henk@boven:~/test/bestanden>
I’ve spent a little time today trying to figure this out, and as near as I can tell, the failure is coming because the DocumentRoot is a symlink. Even looking at the system-level calls, I see that it’s parsing the path object by object: first /srv/www/htd/ (as written in my default-server.conf file, I tried both with and without a tailing slash), then /srv, /srv/www, and then /srv/www/htd. I see it running the lstat() system call, and then immediately after that it generates the access error log entry and generates the error page.
The differentiation between the second to last and last call of lstat() is that it notes the mode is S_IFDIR|0755 (ie, a directory with permissions 755 on it) for /srv/www and the mode is S_IFLNK|0777 for /srv/www/htd. It seems clear that there’s something deciding to throw the access error, but I don’t see what in the call trace (that’s probably being handled by another thread).
But I’m not seeing why it’s failing. I’m hesitant to call it a bug, but it might be worth opening a bug in bugzilla to get more information from the developers (and if it is a bug, it’s something that probably should be fixed).
Is there something that prevents you from just renaming the directory and using it that way?
I can use the the web app without a symbolic link. The symbolic link is in the install instructions and aids in updating the web app.
I’ll install the web app directly without the symbolic link.