403 Forbidden on symbolic links - totally won't do it.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

403 Forbidden on symbolic links - totally won't do it.

timothylegg .
I have spent the past two hours trying to find the magic needed to get
my external drive symlink to be part of a friend's website.  I've
never been able to do this in the past and have simply reinstalled
linux on larger and larger volumes as a solution to running out of
free space, but I'm simply too busy to deal with a reinstall this
month.

I get a 403 Forbidden error at https://sellfam.com/minecraft/www/

I told it to follow symlinks in the sites-available files and it
should just work, but doesn't...  What on earth is wrong?  Oh yes, I
did remember to restart apache2 as well.

I really don't understand the paranoia surrounding symlinks in the
first place...  It's not like people make them by accident; they are
also files and all files should be treated the same.  I just want this
to work, it doesn't have to be this hard.

##sellfam_com_80.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/sellfam.com/public/
#<Directory /home/legg/extra/www/>   ### <--  This didn't work
<Directory />                                 ###  <--neither did this
   Options FollowSymLinks   ###  <-- I told it to follow symbolic
links two different ways
   AllowOverride None
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName sellfam.com
ServerAlias www.sellfam.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.sellfam.com [OR]
RewriteCond %{SERVER_NAME} =sellfam.com
RewriteRule ^ <a href="https://%">https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

#sellfam_com_443.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/sellfam.com/public/
#    <Directory /home/legg/extra/www/>
<Directory />
Options FollowSymLinks   ###   <---  I did the same here too
AllowOverride None
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName sellfam.com
ServerAlias www.sellfam.com
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/sellfam.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sellfam.com/privkey.pem
</VirtualHost>
</IfModule>

And look, the permissions can't be any more relaxed than this...

# ls -al minecraft/
total 12
drwxr-xr-x 2 www-data www-data 4096 Jun  1 16:04 .
drwxr-xr-x 6 www-data www-data 4096 Jun  1 15:57 ..
-rw-r--r-- 1 root     root        6 Jun  1 16:04 hello.txt
lrwxrwxrwx 1 www-data www-data   21 Jun  1 15:57 www -> /home/legg/extra/www/

I have the ownership correct too.

 ls -al /home/legg/extra/www
total 272
drwxr-xr-x 5 www-data www-data   4096 Jun  1 15:54 .
drwxrwxr-- 5 legg     legg       4096 Jun  1 14:43 ..
-rw-r--r-- 1 www-data www-data     44 Jun  1 15:43 baseMarkers.js
-rw-r--r-- 1 www-data www-data    631 Jun  1 15:43 bed.png
-rw-r--r-- 1 www-data www-data   3947 Jun  1 15:43 compass_lower-left.png
-rw-r--r-- 1 www-data www-data   3955 Jun  1 15:43 compass_lower-right.png
-rw-r--r-- 1 www-data www-data   3960 Jun  1 15:43 compass_upper-left.png
-rw-r--r-- 1 www-data www-data   3952 Jun  1 15:43 compass_upper-right.png
drwxr-xr-x 2 www-data www-data   4096 Jun  1 15:43 icons
drwxr-xr-x 2 www-data www-data   4096 Jun  1 15:43 images
-rw-r--r-- 1 www-data www-data   1013 Jun  1 15:43 index.html
-rw-r--r-- 1 www-data www-data  14198 Jun  1 15:43 leaflet.css
-rw-r--r-- 1 www-data www-data 139643 Jun  1 15:43 leaflet.js
-rw-r--r-- 1 www-data www-data   3255 Jun  1 15:43 overviewer.css
-rw-r--r-- 1 www-data www-data  40101 Jun  1 15:43 overviewer.js
-rw-r--r-- 1 www-data www-data   1977 Jun  1 15:43 overviewerConfig.js
-rw-r--r-- 1 www-data www-data    714 Jun  1 15:43 regions.js
-rw-r--r-- 1 www-data www-data    257 Jun  1 15:43 signpost-shadow.png
-rw-r--r-- 1 www-data www-data    518 Jun  1 15:43 signpost.png
-rw-r--r-- 1 www-data www-data    171 Jun  1 15:43 signpost_icon.png
drwx------ 6 www-data www-data   4096 Jun  1 15:27 world-lighting

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 403 Forbidden on symbolic links - totally won't do it.

Eric Covener
> I get a 403 Forbidden error at https://sellfam.com/minecraft/www/
>
> I told it to follow symlinks in the sites-available files and it
> should just work, but doesn't...  What on earth is wrong?  Oh yes, I
> did remember to restart apache2 as well.

What does the error log say?

> Options FollowSymLinks   ###   <---  I did the same here too
Probably better to do +FollowSymlinks and not be implicitly unsetting
all other options.

Finally, have you considered just adding an Alias and a corresponding
<Directory> section?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 403 Forbidden on symbolic links - totally won't do it.

timothylegg .
These are access.log and error.log entries.

I added the + to the FollowSymLinks and no obvious change occurred,
These resemble the same errors before modifying the file. I remembered
to restart apache2.

87.138.223.233 - - [02/Jun/2019:11:35:08 +0200] "GET
/minecraft/www/index.php HTTP/1.1" 403 3852 "-" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0"

[Sun Jun 02 11:35:08.859778 2019] [core:error] [pid 17274] [client
87.138.223.233:38826] AH00037: Symbolic link not allowed or link
target not accessible: /var/www/sellfam.com/public/minecraft/www

I don't know what you mean by adding an alias to a directory section.

Last night, I remembered I did get this to work once on a FreeBSD 4
box back in 2000 where I made symbolic links to user home directories,
but that was Apache 1.3 and it was compiled from source.  But some 10
years later, from a Debian package, I never could get it to work and
finally upgraded to a 160GB hard disk so there were some substantial
changes to what was allowed by default.  The structure of Apache
configuration was exploded into a complexity that I'd have to totally
relearn everything since shutting my old webserver down.  It seems as
if my old Piper Cub turned into a Boeing 727.

On Sat, Jun 1, 2019 at 5:18 PM Eric Covener <[hidden email]> wrote:

>
> > I get a 403 Forbidden error at https://sellfam.com/minecraft/www/
> >
> > I told it to follow symlinks in the sites-available files and it
> > should just work, but doesn't...  What on earth is wrong?  Oh yes, I
> > did remember to restart apache2 as well.
>
> What does the error log say?
>
> > Options FollowSymLinks   ###   <---  I did the same here too
> Probably better to do +FollowSymlinks and not be implicitly unsetting
> all other options.
>
> Finally, have you considered just adding an Alias and a corresponding
> <Directory> section?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 403 Forbidden on symbolic links - totally won't do it.

Frank Gingras
namei -mo /var/www/sellfam.com/public/minecraft/www will help you here. Check each path.

On Sun, 2 Jun 2019 at 05:47, timothylegg . <[hidden email]> wrote:
These are access.log and error.log entries.

I added the + to the FollowSymLinks and no obvious change occurred,
These resemble the same errors before modifying the file. I remembered
to restart apache2.

87.138.223.233 - - [02/Jun/2019:11:35:08 +0200] "GET
/minecraft/www/index.php HTTP/1.1" 403 3852 "-" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0"

[Sun Jun 02 11:35:08.859778 2019] [core:error] [pid 17274] [client
87.138.223.233:38826] AH00037: Symbolic link not allowed or link
target not accessible: /var/www/sellfam.com/public/minecraft/www

I don't know what you mean by adding an alias to a directory section.

Last night, I remembered I did get this to work once on a FreeBSD 4
box back in 2000 where I made symbolic links to user home directories,
but that was Apache 1.3 and it was compiled from source.  But some 10
years later, from a Debian package, I never could get it to work and
finally upgraded to a 160GB hard disk so there were some substantial
changes to what was allowed by default.  The structure of Apache
configuration was exploded into a complexity that I'd have to totally
relearn everything since shutting my old webserver down.  It seems as
if my old Piper Cub turned into a Boeing 727.

On Sat, Jun 1, 2019 at 5:18 PM Eric Covener <[hidden email]> wrote:
>
> > I get a 403 Forbidden error at https://sellfam.com/minecraft/www/
> >
> > I told it to follow symlinks in the sites-available files and it
> > should just work, but doesn't...  What on earth is wrong?  Oh yes, I
> > did remember to restart apache2 as well.
>
> What does the error log say?
>
> > Options FollowSymLinks   ###   <---  I did the same here too
> Probably better to do +FollowSymlinks and not be implicitly unsetting
> all other options.
>
> Finally, have you considered just adding an Alias and a corresponding
> <Directory> section?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]