Why does httpd give an error following a symlink into my home directory on Fedora?
Solution 1
The answer to this question is to have the symlink owned by the owner of the file/directory it is pointing to.
This additional step was introduced as a patch (which only Fedora is applying or so it would appear).
Reading the Apache source (which I had to do because there is no answer on the web that I could find, and this comes closest to it.) it appears that OPT_SYM_OWNER is the culprit and this is has caught you (and me) out.
The fix is to chown -h myuser:mygroup <the_symlink> where myuser:mygroup are the same as the destination file/directory.
Solution 2
I had it working with the message from SELinux:
SELinux is preventing httpd from read access on the directory *****.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow httpd to read user content Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.
...
Do
setsebool -P httpd_read_user_content 1
Solution 3
Verify symlinks are enabled inside apache itself. Apache doesn't necessarily allow for symlink redirection, even when permissions are fine.
<Directory /var/www/myapp>
Options +FollowSymLinks
AllowOverride All
...
</Directory>
Solution 4
Assuming that FollowSymLinks is set correctly set, I suppose that the problem is that your home directory does not allow anyone else to traverse into it (Do the parent directory's permissions matter when accessing a subdirectory?). That's the default on Fedora; it looks like the default on Ubuntu is more permissive, which is why switching to that worked.
Assuming that this is the case, the error message isn't the most informative, but it's also not wrong.
I appreciate that you're frustrated, but I don't think anything really mysterious is going on here, nor is anything particularly wrong; the Fedora default is just more secure/privacy-sensitive out of the box. (For the record, it's also fairly easy to get this working with SELinux enabled and giving you an extra layer of protection, if you want to.)
So, disclaimer: I work on Fedora, and it'd be awesome if everyone used Fedora — but it's okay if they don't; it's a big Linux world. However, here's the thing... Sooner or later, you're going to find something like this in Ubuntu, where a weird error message doesn't tell the whole story. And it may be that chucking that out the window and going to Arch or openSUSE or $flavoroftheday — or even back to Fedora — solves your problem, just because we've got a slightly different configuration. But how long until the next such problem? I know you really want to just get your work done and not have your computer get in the way, but ultimately, getting angry and switching everything is going to result in more work.
Related videos on Youtube
13 : 30
08 : 19
![Linux commands: [ls] How to list directory contents](https://i.ytimg.com/vi/dtkNpukta4Y/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCm_R8Av8tkB51lSk0daS6Oi3lHBQ)
11 : 12
09 : 03
07 : 11
23 : 59
03 : 18
Mr.TK
Updated on September 18, 2022Comments
-
Mr.TK almost 2 years
I've just re-enabled an app after OS change. Symbolic link to it is located of course in /var/www/myapp . After changing permissions to 0775 (even 0777 temporary), changing owner to apache:myuser, myuser:apache, myuser:myuser and apache:apache and disabling SELinux - I had enough. Nothing works and I still get the irritating message:
Forbidden You don't have permission to access / on this server
error log:
[client 127.0.0.1:38050] AH00037: Symbolic link not allowed or link target not accessible: /var/www/myapp
I am totally pissed on this situation wasted almost entire evening and half of night :/
The /var/www/myapp and all files inside are 775 and have apache:apache running.
I also tried to reinstal httpd, php and it's apache modules, surfed entire www and nothing. :/ Need help ASAP please!
EDIT: I've forgot to mention - /var/www/myapp is symbolic link to /home/myfolder/projects/myapp <--- this has been chmod'ed and chown'ed as well.
EDIT 2:
Now I've added User and group as "my user" in conf/httpd.conf so allow it to write in my home folder and symlink error is no more but still the apache cannot write to the folder that my user is owner of... Also tried to mix my user with apache user in conf/httpd.conf and setting similar privileges to /home/.../myapp. One big W T F with RedHat distributions!! It's not first time that privileges are ignored like this in my case. :/
EDIT 3: I resolved my problem by removing the Fedora OS and installing UBUNTU :D , works like a charm. Same privileges, same files - no problem with symlinks or writing to apache:my_user... I don't get it... -_-
-
Mark Plotnick over 9 yearsWhen you say "apache cannot write to the folder", do you mean that a CGI program such as a php script cannot write to a file or create a file in a certain folder? If so, can you show us the code that fails and the error message?
-
Mr.TK over 9 yearsYes, php script cannot write to it, but the problem is no more... Reason in my EDIT 3.
-
-
Mr.TK over 9 yearsFrom very beginning this option has been set like this: Options Indexes FollowSymLinks MultiViews
-
Mr.TK over 9 yearsAlso, could You read my two edits in Question? Thanks in advance for Your help. :)
-
Mr.TK over 9 yearsThank You for your great answer. I just have installed fedora on friday night, loved the graphical interface, loved the speed on that OS ( everything seemed to work really fast ), loved the fact that chrome and other tools were not unstable like on ubuntu. But as You have noticed, I had job to do, so I was forced to go back to Ubuntu. Maybe one day I'll get back to this question and fix the bothering me problem, to fulfill my duty for Fedora for being such an awesome OS. :) Thanks again mattdm. :)
-
aemonge over 5 yearsIf for ~what ever~ reason you can't successfully change the permission. You can also create the symlink with sudo.sudo -u myHttpUser ln -s <target> <link>Hope this helps!