Symbolic link trouble in Apache 1.30

Symbolic link trouble in Apache 1.30

Post by Thad Humphri » Fri, 18 Sep 1998 04:00:00



I've got Apache 1.30 on a Sun Sparc 2.6 here and I'm having trouble
accessing my development CGI directory.  At the start of access.conf is
the default

    <Directory />
    Options None
    AllowOverride None
    </Directory>

My problem: except for the Apache CGI directory, I can't get CGIs to run
elsewhere.  (When I comment this default <Directory> out, the CGIs work
fine.)

At the bottom of access.conf, I put in

    <Directory /usr/local/etc/betatest/cgi-bin>
    Options FollowSymLinks ExecCGI Includes
    AllowOverride None
    order allow,deny
    allow from all
    </Directory>

ScriptAlias in srm.conf is

    ScriptAlias /beta-cgi-bin/ /usr/local/etc/betatest/cgi-bin/

/usr/local is a softlink to /var/local which contains etc.
/usr/local/etc/betatest is a softlink that points to /home/devel/betatest
where cgi-bin is located.  All directories, links, and CGIs have at least
r-x permissions for world.  When I set ScriptAlias to
/home/devel/betatest/cgi-bin, the CGI's work fine but I want to go in by
this link.

In error_log, the message reads "Symbolic link not allowed: /usr/local/"

I've tried variations on my <Directory> -- removing Options, removing
AllowOverride, with/without trailing '/', etc.  I've even added <Directory
/usr/local> and <Directory /var/local> but with no luck.

Any ideas?  I like the idea of the security provide by the default
<Directory> directive but what am I missing in adding my own?

---------------------------------------------------------------------
Thad Humphries                  "'Open Systems' means no fences. And
Software Engineer                 no fences means no use for Gates."
Phone: 540/675-3015                                - Sun Microsystems

 
 
 

Symbolic link trouble in Apache 1.30

Post by Marc Slemk » Fri, 18 Sep 1998 04:00:00



Quote:>I've got Apache 1.30 on a Sun Sparc 2.6 here and I'm having trouble
>accessing my development CGI directory.  At the start of access.conf is
>the default
>    <Directory />
>    Options None
>    AllowOverride None
>    </Directory>

Your options directive says that symbolic links shouldn't be followed
in or below '/'.

Quote:>My problem: except for the Apache CGI directory, I can't get CGIs to run
>elsewhere.  (When I comment this default <Directory> out, the CGIs work
>fine.)
>At the bottom of access.conf, I put in
>    <Directory /usr/local/etc/betatest/cgi-bin>
>    Options FollowSymLinks ExecCGI Includes

You say they should be in or below '/usr/local/etc/betatest/cgi-bin'.

/usr/local is not below the above, it is below '/', so symbolic links
can't be followed there so Apache properly denies it.

 
 
 

Symbolic link trouble in Apache 1.30

Post by Thad Humphri » Sat, 19 Sep 1998 04:00:00


Marc--

Thanks a heap!  And a stack!  I believe I learn more from your postings
than I do any other 3 people here.  Sure as heck beats any commercial tech
spt line I've called.



(Thad Humphries) writes:

> >I've got Apache 1.30 on a Sun Sparc 2.6 here and I'm having trouble
> >accessing my development CGI directory.  At the start of access.conf is
> >the default

> >    <Directory />
> >    Options None
> >    AllowOverride None
> >    </Directory>

> Your options directive says that symbolic links shouldn't be followed
> in or below '/'.

> >My problem: except for the Apache CGI directory, I can't get CGIs to run
> >elsewhere.  (When I comment this default <Directory> out, the CGIs work
> >fine.)

> >At the bottom of access.conf, I put in

> >    <Directory /usr/local/etc/betatest/cgi-bin>
> >    Options FollowSymLinks ExecCGI Includes

> You say they should be in or below '/usr/local/etc/betatest/cgi-bin'.

> /usr/local is not below the above, it is below '/', so symbolic links
> can't be followed there so Apache properly denies it.

It worked nicely.  I put in my access.conf

    <Directory /usr>
    Options FollowSymLinks
    AllowOverride None
    order allow,deny
    allow from all
    </Directory>

    <Directory /usr>
    deny from all
    </Directory>

    <Files /usr/local>
    allow from all
    </Files>

followed by the directives for my CGI and JavaScript directories.  Thus I
can get to my CGI and JS with no trouble but no where else.  I tested
*that* by creating an alias to /usr/man (also a softlink) and was refused
in all attempts to view a man page in my browser with thinks akin to
"denied by server configuration: /usr/man/man1/cp.1" in my error_log.

Again, many thanks.  Hope to meet you at ApacheCon.

---------------------------------------------------------------------
Thad Humphries                  "'Open Systems' means no fences. And
Software Engineer                 no fences means no use for Gates."
Phone: 540/675-3015                                - Sun Microsystems

 
 
 

1. Too many symbolic links, Symbolic link loop

Hello,

I'm fighting with a FreeBSD machine. Roughly what I'm up to: I clean
installed FreeBSD, with the DES option. The goal is to set up an Apache
on the machine. Then I performed a rdist from a BSDI machine, importing
stuff like password file, user directories, user quotas, shells. The
Apache works
just fine, but when I try to run Perl I get stuck with the error
message:
"Too many symbolic links" (under bash), "Symbolic link loop" (under sh).
I've
scanned through my symbolic links w/o finding something striking.
Basically, the
links I have are "shortcuts to shells", some links to user logs...
Anyone seen this kind of problem? Anyone solved it? How?

        Cheers

                Michael
--
Michael Hallgren, Easynet France
Write : http://www.loria.fr/tex
Play : http://www.perl.com/perl

2. redirecting hdimage to a drive letter in dosemu. Possible?

3. Apache cgi symbolic links

4. Asus A7V8X drivers needed (sound + lan)

5. /home as symbolic link breaks Apache

6. gnome support

7. apache does not follow symbolic link above /home/httpd/html?

8. cron problems

9. Redirect"301" Warnings, symbolic links, Apache and Internet Explorer

10. apache 1.3.24 htaccess/symbolic link problem

11. Access symbolic links by Apache

12. Symbolic links to cgi-bin in Apache?

13. UNIX symbolic links and Apache