Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Dec 2004 13:24:56 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Richard Collyer <richard@firebadger.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Apache Symbolic Link Error
Message-ID:  <41D401A8.7020502@infracaninophile.co.uk>
In-Reply-To: <20041229184434.46EA.RICHARD@firebadger.net>
References:  <20041229184434.46EA.RICHARD@firebadger.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCB75E28202AE0AE3674481B6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Richard Collyer wrote:

> I'm trying to get apache to use users areas. If I use a dir named
> public_html in the users area then it works fine. If I try and use a sym
> link to link to another folder then it refuses to work. I get a "403
> Forbidden - You don't have permission to access /~richard/test.html on
> this server."

That's because although you've configured Apache to follow sym-links, 
you haven't configured it to serve content from where you're linking 
*too*.   ie. Somewhere you need a

<Directory /home/httpd/vhosts/users/*/www>
  ...
</Directory>

section.


> I'm using the following /home/richard/public_html to point to
> /home/httpd/vhosts/users/richard/www/
> 
> the sym link perms are: lrwxr-xr-x  1 richard  www           37 Dec 29 19:39 public_html -> /home/httpd/vhosts/users/richard/www/
> 
> the folder perms are: drwxrwx---  2 richard  www  512 Dec 29 19:10 www
> 
> and the settings in my httpd.conf are:
> 
> # Ive tried it with both FollowSymLinks and SymLinksIfOwnerMatch but
> both produce same response.

As others have mentioned, FollowSymLinks is not an Option you should 
apply to user areas without due care and attention.  In your case, if 
all of your user areas are going to be under 
/home/httpd/vhosts/users/${USER}/www, then configure /~user/ URLs to go 
straight there:

     UserDir /home/httpd/vhosts/users/*/www

See:

     http://httpd.apache.org/docs/mod/mod_userdir.html#userdir

Note the importance of using

     UserDir disabled root

(Or preferably disable it for all and then only enable for the specific 
people that should have this capability).

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                       8 Dane Court Manor
                                                       School Rd
PGP: http://www.infracaninophile.co.uk/pgpkey         Tilmanstone
Tel: +44 1304 617253                                  Kent, CT14 0JL UK

--------------enigCB75E28202AE0AE3674481B6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQCVAwUBQdQBrZr7OpndfbmCAQIfJwQA2W3eLwTy/lRRHE3p381V0uNMeuUuX8Za
+9I6UPVxxdy1x3TYQaNtIgSQgnPU/ff2ebwguWxQRzHqO+9ux3nKy0ubjopaLzk9
ZSass2pyV8rH1KKsUKNJtELoD7sjHyUNxgGUC+pUvog0vs+1b8SuH02ldtYNbVgy
lmFoWMb02RU=
=Misi
-----END PGP SIGNATURE-----

--------------enigCB75E28202AE0AE3674481B6--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41D401A8.7020502>