apache wont follow symlinks | 403 permission denied

permissions apache-2.4 http-status-code-403 symlink ubuntu-14.04

8,468

When it comes to permissions, I think you got it backwards. Adding user me to www-data does not help, you should add Apache's user to me users group.

Also if you changed only the group rights of /home/me/myWebDirectory, that is not sufficient if /home/me is inaccessible by www-data group. Make sure that users with www-data group can enter /home/me directory itself.

For more granular approach, take a look at POSIX ACL.

8,468

Author by

LauDem

Updated on September 18, 2022

Comments

LauDem almost 2 years
im using Ubuntu 14.04, and got problem with apache configuration:

i created a Symlink in /var/www/html (the apache DocRoot since Ubuntu 14.04) torwards /home/me/myWebDirectory
- cd /var/www/html
- ln -s /home/me/myWebDirectory myWebDirectory
but localhost/myWebDirectory renders a

403-permission denied

and in fact, sudo -u www-data ls /home/me/myWebDirectory returns a permission denied too

apache2.conf had following directive :
```
    <Directory /var/www>
           Options Indexes FollowSymLinks
           AllowOverride None
           Require all granted
 </Directory>
```
i changed it for <Directory /var/www/html>

but no result.

i tried to add the me user to www-data group with following command but it didnt help either : sudo usermod -a -G www-data me

what is it that i miss ??

EDIT: i changed the group of /home/me/myWebDirectory into www-data with rx rights, but no success either...

NB 1: i know there's another way to do it, while activating the apache mod_userdir and that's probably what i'll be going to do next. But first i'd like to understand how to make this "simple" solution work...

NB 2: i know as well i could create a VirtualHost and so on, but again, i'd like first to understand why this simple (first and temporary) solution won't work...
LauDem about 10 years

OK i did deluser me www-data then adduser www-data me to add apache user in the me group. Fyi, ls -lR /home/me/myWebDir returns for all : -rwxr-xr-x me me testfile (example given for a file obviously) while ls -l /var/www/html displays my Symlink : lrwxrwxrwx root root myWebDir -> /home/me/myWebDir. Tho the result is still the same : 403-Permission denied
Janne Pikkarainen about 10 years

... and how about stat /home/me?
LauDem about 10 years

returns Accès : (0700/drwx------) so if i get u right, i need give read access to the me group ?
Janne Pikkarainen about 10 years

That's what I said in my original answer. :) At minimum chown me:www-data /home/me && chmod 710 /home/me, or better yet, those POSIX ACLs. But, as a light-weight solution, the one I just typed up.
LauDem about 10 years

the lightweight solution will do it for a while, thx very very much! I put this ticket to "solved" status! Just for my general understanding, if i add the www-data user to the me users group and chmod g+r /home/me, it doesnt work, while if i chown me:www-data /home/me, it works. Does it mean apache is using more than one user?