1212372 – Symbolic link not allowed or link target not accessible

Bug 1212372 - Symbolic link not allowed or link target not accessible

Summary: Symbolic link not allowed or link target not accessible

Status:	RESOLVED INVALID

Alias:	None

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Apache (show other bugs)
Version:	Leap 15.4
Hardware:	x86-64 openSUSE Leap 15.4

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-14 14:34 UTC by John Goutbeck
Modified:	2024-07-01 15:41 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Goutbeck 2023-06-14 14:34:15 UTC

New install
opensuse 15.4

LAMP webserver pattern
Apache/2.4.51 (Linux/SUSE)
the access_compat_module (shared) is loaded
using the default apache2 site of /srv/www/htdocs with no change to any .conf file - working

browser displays ‘It Works!’
then change to using a symbolic link

ln -s htdocs htd

host01:/srv/www # l
total 4
drwxr-xr-x 1 root root 32 Jun 12 13:31 ./
drwxr-xr-x 1 root root 6 Jun 8 11:08 …/
drwxr-xr-x 1 root root 0 Mar 15 2022 cgi-bin/
lrwxrwxrwx 1 root root 6 Jun 12 13:31 htd → htdocs/
drwxr-xr-x 1 root root 62 Jun 8 11:08 htdocs/

And change the apache2 default-server.conf

from
DocumentRoot “/srv/www/htdocs”

Configure the DocumentRoot
<Directory “/srv/www/htdocs”>
Options None
AllowOverride None
# Controls who can get stuff from this server.
<IfModule !mod_access_compat.c>
Require all granted


Order allow,deny
Allow from all

to
DocumentRoot “/srv/www/htd”

Configure the DocumentRoot
<Directory “/srv/www/htd”>
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
the browser gets a

Access forbidden!
You don’t have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.

Error 403

the apache error log states
[core:error] [pid 13442] [client 172.16.150.0:57093] AH00037: Symbolic link not allowed or link target not accessible: /srv/www/htd

no rights have changed - nothing changed exept the symbolc link & the document root directory

What is the issue? What to do to fix?

---
used the -SymLinksIfOwnerMatch option to override this behavior.

host01:/srv/www # l
total 4
drwxr-xr-x 1 root root 32 Jun 12 13:41 ./
drwxr-xr-x 1 root root 6 Jun 8 11:08 …/
drwxr-xr-x 1 root root 0 Mar 15 2022 cgi-bin/
lrwxrwxrwx 1 wwwrun www 6 Jun 12 13:31 htd → htdocs/
drwxr-xr-x 1 root root 62 Jun 8 11:08 htdocs/
host01:/srv/www # l htdocs/
total 12
drwxr-xr-x 1 root root 62 Jun 8 11:08 ./
drwxr-xr-x 1 root root 32 Jun 12 13:41 …/
-rwxr-xr-x 1 wwwrun www 302 Jul 23 2008 favicon.ico*
-rwxr-xr-x 1 wwwrun www 45 Jun 11 2007 index.html*
-rwxr-xr-x 1 wwwrun www 26 Mar 15 01:50 robots.txt*

DocumentRoot “/srv/www/htd”

<Directory “/srv/www/htd”>
Options +Indexes +FollowSymLinks -SymLinksIfOwnerMatch
Order allow,deny
Allow from all

Still the browser has Access forbidden!
and the error log has ‘AH00037: Symbolic link not allowed or link target not accessible: /srv/www/htd’

Any other suggestions?

---
What happens if you remove the symlink and just rename the htdocs directory to htd?

If that works, rename it back, and try creating a new directory called htd and put some files in it - see if that works.

rm htd
mv htdocs htd - browser displays ‘It works!’
mv htd htdocs
mkdir htd - browser displays ‘Index of’ - with no files listed
cp htdocs/* htd/ - browser displays ‘It works!’
rm -r htd
ln -s htdocs htd - browser displays ‘Access forbidden!’

This issue/bug has been in the Apache2 system for a long time.
Various fixes are presented on the web, but still does not work on a new simple  install.

Comment 1 John Goutbeck 2023-06-15 21:25:16 UTC

With my test sym link directory htd, added this to the default-server.conf
---
# Make sure that symlink /srv/www does not make problems
<Directory /srv/www>
  Options +FollowSymlinks
</Directory>
---
and now the browser displays ‘It Works!’

So why does the directory of one above need to be in the conf?

Comment 2 David Anes 2024-07-01 15:41:18 UTC

(In reply to John Goutbeck from comment #1)
> With my test sym link directory htd, added this to the default-server.conf
> ---
> # Make sure that symlink /srv/www does not make problems
> <Directory /srv/www>
>   Options +FollowSymlinks
> </Directory>
> ---
> and now the browser displays ‘It Works!’
> 
> So why does the directory of one above need to be in the conf?

Because 'htd' is within '/srv/www' and because default configuration is NOT to follow symlinks, then 'htd' is not accessible.

By setting the parent path '/srv/www' with FollowSymlinks, then 'htd' is reachable. This is clearly stated in the documentation:

https://httpd.apache.org/docs/2.4/mod/core.html#directory

> Enclose a group of directives that apply only 
> to the named file-system directory, sub-directories, and their contents.

I'm closing this one as invalid, but feel free to reopen if you find any other issue.