Curing ‘Symbolic link not allowed’ (Apache 2.0)

You are reading

June 14, 2007
In Unix/Linux
44 comments

Curing ‘Symbolic link not allowed’ (Apache 2.0)

This post was published 4 years 7 months 24 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.

Awhile back when trying to add a directory to Apache on my Ubuntu 6.06 LTS server, I ran into some issues. These issues, of course were the infamous 403 “Forbidden” error that your web barfs up when you try to access a server that is not publicly viewable, because of permission issues. I’m going to give you my scenario and explain how you can fix this issue, so that you don’t have to go through an hour of throwing your hands up in disgust.

The Scenario

In our example, out DocumentRoot (where all the HTML files are stored on the server) is /var/www/. This is the default on most Linux servers and can be a constant fuss when you don’t have that big of a partition for the /var directory. Things that can be done to prevent this is:

When installing the OS, add the /var mount-point to a larger disk/partition.
Add a new (larger) disk to the system, format it accordingly, migrate the old /var/ mount-point to the new partition and change the DocumentRoot in the Apache configuration. This requires backing up old files and pushing them to the new partition and reconfiguring a small part of Apache; could cause a lot of downtime.
Use symbolic links within the DocumentRoot.

As the shade of green emphasizes, we will be using symbolic links. Of course, this should be a very easy task, but can easily become a hassle to get working. Also note that we could have used the other choices above, but I chose the best solution to this problem. I’ll discuss how to set it up, and then I’ll explain how to fix the “Symbolic link not allowed” error found in your Apache error logs when you get the 403 error in your web browser.

Setting It All Up

To give you an idea of what has to be done, we will setup the symbolic links (which I will now refer to as symlinks) and make sure they point to the right directory and actually work. Then we will need to make the adjustments in the Apache configuration file so that the server will accept the symlinks; this will require an Apache restart, which really doesn’t create downtime for the user, unless something goes wrong. If all goes well, this is great. If you aren’t lucky enough to get it the first try, it probably isn’t your fault entirely, and I’ve got you covered with something that led me to the fix. Just a little sidenote, when I say fix, I don’t mean that there’s a bug in the system, I mean that we will resolve a very small issue that is often overlooked. Alright, now on with the good stuff!

Creating The Symlinks

First off, what is a symlink? A symlink is a special type of file, usually found in Unix, which refers to another file by its pathname. So in laymen terms, a symlink is a folder that is redirected to another folder on a Unix system. To those people that argue about my statement about Linux, I know symlinks can also be used in Windows, but that is another article to be written and is totally different from the Unix side.

Okay, so how do we set that symlink setup? This is extremely easy; we just need a few basic commands to get this done. The only thing we have to make sure of is that the destination target actually exists. After we create (or just make sure that the destination target exists) we create the symlink and then make sure it has become a symlink, which can easily be noticed by color or listing, which depends on your system. So, let’s create the destination directory (if needed):

mkdir /data/www/newdirectory

After the mkdir command you type in where you want your destination target to be at. This is just a folder that you will put regular files such as .html, .css, .php into; web content. I chose /data/www/newdirectory, but you should choose whatever you want. Remember, this is an if-needed basis. If you already know what you are wanting to create a symlink to and you are just wanting to create the symlink to the destination target keep on reading. Alright, now let’s create the symlink. If your DocumentRoot is the default /var/www/, you will want to create your symlink there. If you do not actually know your DocumentRoot is try running one of the following lines:

cat /etc/apache2/sites-enabled/000-default | grep "DocumentRoot"
cat /etc/httpd/conf/httpd.conf | grep "DocumentRoot"

This should actually output the DocumentRoot target. So, for simplicity sake, we will say that your DocumentRoot is located in /var/www/; this is the most commonly known default DocumentRoot. So, once in that directory we need to actually create the symlink:

cd /var/www/
ln -s /data/www/newdirectory/ mysymlink

The ln command stands for link and the -s makes it a symbolic (soft) link. It is alot safer to do a symbolic link rather than a hard link; if you delete a hard link, you also delete the actual files, not just the link. So how do you know if your symlink was actually created successfully. A simple ls command should do the trick:

ls

To find out if the symlink was a success, in our example, go to /var/www/ and type in:

ls -l /var/www/

You should then see something like this:

lrwxrwxrwx 1 ftpuser  ftp        21 2006-09-13 16:37 mysymlink -> /data/www/newdirectory/

You can also do an ls -l of the symlink, as you normally would a regular directory and you should see all the files as if they were in your /var/www/ directory, even though they are actually in /data/www/newdirectory/. If all goes well, then we have successfully setup our symlink. Now we have to configure Apache to allow these symlinks to work.

Editing Apache 2.0 Configuration File

In Debian systems such as Ubuntu, I have noticed that Apache uses the sites-enabled configuration. This means you must edit the sites within this directory for the changes to be effective. For other systems such as Red Hat you must edit the /etc/httpd/conf/httpd.conf. The default site in Ubuntu is 000-default, so when editing this file and your server is not using the sites-enabled configuration, Red Hat or any other users should probably edit /etc/httpd/conf/httpd.conf. If you have any issues with this, please let me know so I can update this article with additional details on how to do it for particular systems.

Let’s take a look at /etc/apache2/sites-enabled/000-default and add the correct configuration changes to allow for our symlinks to be used. You should add the following to your directive:

Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

Now, restart Apache:

/etc/init.d/apache2 restart      # Debian/Ubuntu
service httpd restart              # Red Hat (easy)
/etc/init.d/httpd restart          # Red Hat (preferred)

Now that’s complete, you should now be able to access this, using our example by pointing your browser to http://yourdomain.com/mysymlink/. Did it work? If so, great! If not, let’s fix it!

Resolving the permission issues

To resolve this issue, more than likely, it is no longer an Apache issue anymore, as we have correctly configured Apache for SymLinks. More than likely, the cause of this issue is due to permissions on the filesystem. I’m going to stick with the example used here so that I don’t confuse anyone. We have been symlinking to the directory /data/www/newdirectory/. First off, make sure the files in the directory that you are symlinking are assigned to the group www-data (or whatever your Apache user’s group is) and make sure that they have read/execute permissions. If this does not resolve the issue, then it’s a little deeper than just a file, which is usually the case.

If you were symlinking the /data/www/newdirectory/, then the /data, /data/www, and the /data/www/newdirectory directories must have at least read access, so that Apache user can access the directory (we will be using the Apache group to share). To resolve this issue, first find out the Apache group is:

[root@tangerine ~]# cat /etc/httpd/conf/httpd.conf | grep ^Group
Group apache

In Red Hat, the Apache’s group is apache, but if you are using Ubuntu or Debian Linux, the Apache group is usually www-data. In this case, we need to make sure the apache group has read/execute access to the /data, /data/www, and /data/www/newdirectory directories. To do this, you would run the following command:

# Execute for Red Hat
chmod -R 755 /data/www/newdirectory/ && chown -R :apache /data/www/newdirectory/ 
 
# Execute only if using Debian or Ubuntu systems
chmod -R 755 /data/www/newdirectory/ && chown -R :apache /data/www/newdirectory/

You should not have to restart Apache for the setting to take effect, as this is only permissions on the filesystem. Go back to your web browser and try to refresh the page or bring the page up if you closed your web browser and see if you still get the insufficient privileges error message. If not, great! This had me stumped for the longest time, until I realized sometimes it’s the most obvious things that are the problems. If this didn’t help you to get things working, let me know and let’s try to get it sorted.

Comments for this entry

Kekoa Vincent

Posted:
September 20, 2007

Minor detail, but when you say,

“If you were symlinking the /data/www/newdirectory/, then the /data, /data/www, and the /data/www/newdirectory directories must have at least read access, so that Apache user can access the directory (we will be using the Apache group to share)”

Actually, all you need is execute permissions for the parent directories, so apache can open files within the folder. Not having a read permissions on the directory prevents a user(including apache) from listing the directory’s contents. If the location name is known(as in the case of a symlink), a user can cd to it without read permissions on parent directories. You will want read permission on the directory that you are symlinking though.

luke

Posted:
March 6, 2008

DOH! didin’t realise that the parent dir permissions were important… been hunting around for hours for a solution to this … THANK YOU

Drew

Posted:
March 18, 2008

Awesome! You are very welcome. This was my main issue, too, when I was trying to do this for the first time, thus why I documented it. Glad it helped you.

Thanks,
Drew

bernd

Posted:
April 14, 2008

I’ve done everything – at least I think so – what you have suggested, but symlinking is still not working.
The parts of the http.con-File connected to linking are set like this:


DocumentRoot "/var/www/html"
Options FollowSymLinks
Options FollowSymLinks
AllowOverride None
Options FollowSymLinks
Options Indexes FollowSymLinks

But I still get the error message in /var/log/http/error_log:
Directory index forbidden by Options directive:

I will be thankful for a hint, what might be still wrong!

Drew

Posted:
April 26, 2008

Bernd,

You have three Options FollowSymLinks options in your code. Make sure you only have one.

That is just something you should do. However, the error message you are receiving is due to not having an index page in your directory (the one that is symlinked). In order to have Directory Listing is to add a line in your directive, like so:

Options Indexes

Please let me know if you have any questions.

Regards,
Drew

Janet

Posted:
June 10, 2008

I?ve done everything what you have suggested, but i still get the error message shown below:
Forbidden
You don’t have permission to access /cgi-bin/jha.cgi on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.52 (Red Hat) Server at rhino.sbcld.sbc.com Port 80
Below is the soft link i created under /var/www/cgi-bin/
jha.cgi -> /home/emasld/EMAS_WEB_PROD/app/jha.cgi

Drew

Posted:
June 12, 2008

Janet,

I believe CGI is handled differently. Have you tried a test file in a different directory (a non CGI-BIN directory), just to make sure the permissions were right? I would check this first before you mess around with the CGI directories, because I believe there is additional configuration for the CGI-BIN directory, for Apache.

Regards,
Drew

Janet

Posted:
June 16, 2008

i tried one htm file(test.htm) in /var/www/html directory and it is working without any problems. I also tried one test file(test.cgi) that doesn’t have any soft links associated with in /var/www/cgi-bin directory and it is working fine. Below is my cgi-bin configuration from httpd.conf : 545 ScriptAlias /cgi-bin/ “/var/www/cgi-bin/”
546
547 #
548 # “/var/www/cgi-bin” should be changed to whatever your ScriptAliased
549 # CGI directory exists, if you have that configured.
550 #
551
552 AllowOverride None
553 Options All
554 Order allow,deny
555 Allow from all
556

Janet

Posted:
June 16, 2008

551
552 AllowOverride None
553 Options All
554 Order allow,deny
555 Allow from all
556

Janet

Posted:
June 16, 2008

sorry line 551 should be
and line 556 should be

Jose

Posted:
July 1, 2008

I had the same situation described here with a RHEL installation. I thought I had all permissions correct, but still the same Forbidden error. I followed the comments here and did a chown to apache, but still the problem!
After some more searching we found about SELinux causing havoc like this. We turned this off issuing “echo 0 > /selinux/enforce” and all is working. I haven’t done more research to see how you can have this ON while still getting the above working, but for those out there who just need to get it going give this a try.

Janet

Posted:
July 16, 2008

THANK YOU Jose. It works fine after i did echo 0 > /selinux/enforce

Peter

Posted:
July 30, 2008

Basically make it even more clear that you just need issue below
#chmod -R 755 /data
#chmod -R 755 /data/www
#chmod -R 755 /data/www/newdirectory

for you SElinux, you can run
#getsebool -aef|Grep httpd

to check the if it block it.
However, THANK YOU SO MUCH for this documentation.

Drew

Posted:
September 6, 2008

Guys (and Gal),

Thanks for the feedback. Of course you can disable SELinux, or just set the correct permissions for SELinux to work nicely with Apache. Keep up the comments!

Regards,
Drew

Aaron

Posted:
October 29, 2008

qw(Add a new (larger) disk to the system, format it accordingly, migrate the old /var/ mount-point to the new partition and change the DocumentRoot in the Apache configuration. This requires backing up old files and pushing them to the new partition and reconfiguring a small part of Apache; could cause a lot of downtime.)

If you have the luxury of being able to add a seprate partion to the system it’s actually way easier than this and doesn’t require reconfiguring apache.

add the new partition to the system (however you are going to do that based on your hardware)
mount it temporarily at something like /mnt/myNewDisk or just /mnt (see man mount)
*Take a backup*
move all the files from /var/www (or whatever your web dir is.
mv /var/www/* /mnt/myNewDisk/
unmount said new disk
umount /mnt/myNewDisk
remount it on the now empty /var/www/ which makes a great mount point
edit your fstab (or vfstab) file to ensure this mounts at startup.

I’m leaving out details on things like mount and fstab because they are a little os/vendor/filesystem specific. Generally they are pretty similar but you may need to brush up on the man page. In a pinch the /etc/fstab or /etc/vfstab can give you the options that you need but you’ll have to double check your syntax for the command line.

dean

Posted:
November 7, 2008

Setting every directory to executable all the way down from the root to the directory I was linking to did the trick for me. THANK YOU VERY MUCH!!!

Habib

Posted:
July 17, 2009

Hi,
I’m having the same problem. I have my DocumentRoot directory on the local filesystem. However, I cannot follow the links! My DocumentRoot is /web and here is the permission for it:

drwxrwxrwx 3 root apache 4096 Jul 17 11:09 /web

In /web directory I have a symlink:
lrwxrwxrwx 1 root root 31 Jul 16 17:00 /web/habib.html -> /home/habib/web/habib.html

Permissions for /web (DocumentRoot) and other directories:


drwxrwxrwx 3 root       root        0 Jul 17 10:33 /home
drwxrwxrwx 2 habib groupa 64 Jul 17 10:58 /home/habib
drwxrwxrwx 2 habib groupa 64 Jul 16 17:04 /home/habib/web
-rwxrwxrwx 1 nfsnobody  nfsnobody  69 Jul 16 16:57 /home/habib/web/habib.html

As you can see, I have read, write and execute permissions on all files and directories.

And here is from my httpd.conf:


User apache
Group apache

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks
AllowOverride None

Order allow,deny
Allow from all

Would you help me please?

Thanks.

Drew

Posted:
August 27, 2009

Habib,

What does your error logs for Apache say? Usually you can find out what the error logs are telling you and do a simple search on the error on Google, and figure it out pretty fast. Let me know if you still need some help.

anunay

Posted:
January 18, 2011

[root@cdrserver sierra]# cat /etc/httpd/conf/httpd.conf | grep ^Group
Group apache

[root@cdrserver READER]# pwd
/home/sierraleone/READER
[root@cdrserver READER]# ls -ltr
drwxr-xr-x  2 sierraleone apache        4096 Jan 18 19:34 test

[root@cdrserver sierra]# pwd
/var/www/sierra
lrwxrwxrwx  1 sierraleone apache        30 Jan 18 19:31 test -> /home/sierraleone/READER/test/

and used

DocumentRoot "/var/www/sierra"
    AllowOverride None
    Options Indexes Includes FollowSymLinks
     Order allow,deny
    Allow from all

http://10.14.0.60/test

apache is showing:
You don't have permission to access /test on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Please check…

Drew

Posted:
January 18, 2011

@ anunay: What do your apache logs show?

anunay

Posted:
January 19, 2011

thanks for responding.

no error logs regarding that.

at this location: /u01/app/oracle/product/9.2.0/Apache/Apache/logs

in the browser it opens the base directory path “/var/www/sierra”, but it doesn’t show that symlink, however other files created there it is showing.

anunay

Posted:
January 19, 2011

[Wed Jan 19 11:24:54 2011] [notice] Apache/2.0.52 (Red Hat) configured — resuming normal operations
[Wed Jan 19 11:25:20 2011] [error] [client 10.14.0.230] Symbolic link not allowed: /var/www/sierra/sierra
[Wed Jan 19 11:25:26 2011] [error] [client 10.14.0.230] Symbolic link not allowed: /var/www/sierra/test
[Wed Jan 19 11:25:32 2011] [error] [client 10.14.0.230] Symbolic link not allowed: /var/www/sierra/sierra
[Wed Jan 19 11:34:43 2011] [error] [client 10.14.0.230] Symbolic link not allowed: /var/www/sierra/sierra
[Wed Jan 19 11:34:48 2011] [error] [client 10.14.0.230] File does not exist: /var/www/sierra/s
[Wed Jan 19 11:34:51 2011] [error] [client 10.14.0.230] File does not exist: /var/www/sierra/styles, referer: http://10.14.0.60/sierra
[Wed Jan 19 11:34:52 2011] [error] [client 10.14.0.230] File does not exist: /var/www/sierra/images, referer: http://10.14.0.60/sierra
[root@cdrserver sierra]#

anunay

Posted:
January 20, 2011

thanks for co-ordination.

It is working by making system into permissive mode

echo 0 >/selinux/enforce

apache is accessing

Drew

Posted:
January 20, 2011

@anunay:
Great to hear!

Akmal Fikri

Posted:
April 7, 2011

When I try this, most of the files have error : operation not permitted.

Drew

Posted:
April 8, 2011

Do you have the correct permissions? I know that if you are root, then you should be fine, but if you are using a less privileged user, you might need to use sudo or become a user that has privileges to perform this task.

Andre

Posted:
October 4, 2011

Nice site! Comes close to my problem, but I could not get the extra done, a I want 2 extra disk (= 2 extra partitions) to be added to the currrent system. I want the current www place to stay at it is. How to make it work? (I’m trying to get back in Linux after 10 years…). The current configauration works ok, so that is not the problem.

My config “default” on Debian 6:

NameVirtualHost *
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/web1/web/
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        Alias /webdav /var/www/web1/web
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /var/www/web1/passwd.dav
           Require valid-user

Drew

Posted:
October 7, 2011

Andre:

Glad to have you getting back into the Linux community! Not exactly sure I understand what you are trying to do, so you might have to reemphasize. So, I’m guessing you’re running into any issue where you are trying to configure a few virtual hosts that go to two (or more) directories?

If so, that’s pretty easy. You just need to user the ServerName directive (more information here).

Basically for each virtual host, you need to include the ServerName directive, wheather that is using a full qualified domain name (FQDN), or by using a local domain server name, and adding that information to /etc/hosts.

First example is, you would update your DNS to point to the IP of your server and have Apache listen to that virtual host. Whatever, you set the DNS to, for example myblog.domain.net, then the ServerName directive needs to be set as:

ServerName blog.domain.net

The second example, you are using a local approach, and you would use the /etc/hosts file to do all the “looking up”. So, you would use the internal IP address of your system, for example, 10.0.0.100, and tell /etc/hosts to go to blog.local, like so:

/etc/hosts
10.0.0.100    blog.local

Then you would tell Apache to use the blog.local ServerName and your /etc/hosts file would do all the routing for you:

ServerName blog.local

You can use as many of these virtual hosts as you want, with a single IP address, just so long the ServerNames are unique. When using the first example, the DNS must be set up correctly.

In case you didn’t know, you would also normally put the ServerName directive somewhere (usually) after the ServerAdmin or DocumentRoot of each virtual host. I noticed that you didn’t have and VirtualHost directives on here, which you might have left them out, but in case you didn’t just make sure you configure each virtual host inside its very own Virtualhost directives.

Good luck and let me know how far you get!

Andre

Posted:
October 7, 2011

Drew,

Thanks for your warm welcome….

I did read some in these in between years, but actual Linux systems were not running, execpt my router…. from my provider, it is also Linux based.

What I actually want is indeed more directories, but in act I want to add real disks.

So now I have:
sda1 as system with the DocumentRoot /var/www/web1/web/
sda2 as swap
sdda 3: this partition I want to add

But I want to add also
sdb1
sdc1
sdd1

So 3 or even 4 extra completely empty hard disk. Why? My son has terabytes of photos. Have a look if you want at http://www.tomroelofs.nl/. His raw photos take a lot of space. Having now his own company for 1.5 years. Still hesitated to invest in good filesystem with remote (!) backup I/O some local usb disks … at the end I got him so far….

What works now?

Through his Mac or my PC we can access http://ipnumber/webdav perfectly and make a network mapping and work as we work local. Now we want to access the other disks. I will study your suggestions and update this piece of text. When you have other suggestions in the meantime… feel free….

PS: a hard disk backup station is the 2nd one to make, but that’s only filesyncing. That’s for later when this one works.

Hardware:
# Product
2 Asus E35M1-I -
6/8 Samsung EcoGreen F4EG HD204UI, 2TB
2 Samsung SH-S222AB/BEBE
2 be quiet! Pure Power L7 300W
2 Kingston ValueRAM KVR1066D3N7/4G

Costs per server roughly 400 euros. Towers: Got for free from 2 persons.

Andre

Posted:
October 7, 2011

When this works all locally, I have to portforward port 80 in the router to the servers local IP number as I do now with my own FTP.

External access indeed needs the addition of ServerName blog.domain.net

Or he has to fill in the browser his IP number like http://195.123.12/webdav. The first is more nice, so we have to register it somewhere, I know.

Andre

Posted:
October 8, 2011

I’ve read your suggestions carefully. It is not my goal to host more and different website (virtualhosts) on the server. It is a dedicated fileserver for my son; we only want to hard new partitions/hards disks as described above.

Andre

Posted:
October 8, 2011

Tried to make a symlink but it didn’t work; the rights were ok (www-data).

root@tom-server-2:/mnt# ln -s /mnt/Webdav1 /var/www/web1/web/

Andre

Posted:
October 8, 2011

Hi Drew,

I lost your website where I posted my question on webdav, forgot to make it a favorite. Luckily, I remembered your name so found at least this back. Can you send me the link of the website?

Thnx,
Andre

PS: I’m more close to the solution. Got the hint through: http://ubuntuforums.org/showthread.php?t=1411651&highlight=webdav. I’ve no access yet on the second partition, but as “forbidden” means, it exists and I’ve checked all the rights but did not find the mistake yet. My default now looks as:

NameVirtualHost *
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/web1/web/
               Options Indexes MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       Alias /webdav /var/www/web1/web
          DAV On
          AuthType Basic
          AuthName "webdav"
          AuthUserFile /var/www/web1/passwd.dav
          Require valid-user
Alias /webdav1 /mnt/webdav1
DAV on
Authtype Basic
Authname "webdav1"
AuthUserFile /var/www/web1/passwd1.dav
Require valid-user

Drew

Posted:
October 9, 2011

This is because your symbolic link is incorrect. Symbolic links are created by:

ln -s [directory_or_file_to_link_to] [link_created]

Did you do this? Let me know what you are trying to actually create (source and destination).

Drew

Posted:
October 9, 2011

Adding more disks is easy. First you need to figure out your naming scheme. So, you would obviously need to format the disks to whatever filesystem you would like. Once that is done, you will need to mount them to the system. For example, you could create a directory called /data/ and then from there, you can mount each disk to its own subdirectory in /data/, like so:

root@server ~# mkdir /data/
root@server ~# mount /dev/sdb1 /data/webdav1

Just make sure that the shared directory has permissions to read (and possibly write, if need be) for the web user (www:data, probably in your case).

From here, you just have to update your Apache configuration to reflect those directories.

Drew

Posted:
October 9, 2011

So, this sounds more like a home setup (hosting from your house). You are correct.

Drew

Posted:
October 9, 2011

Understood, see my previous comment.

Drew

Posted:
October 9, 2011

I’ve ported the email contact as this comment. First and foremost, know that I’m no webdav expert, and I honestly do not use it at all, so my expertise on webdav is limited. As for your issue, forbidden definitely means that it is trying to access something that is having a permissions issue. Can you look at your Apache logs and post the output of the errors Apache is generating only for when you try accessing this URL and receiving the forbidden error messages?

Also, could you show me the permissions of the directory you are trying to use as the DocumentRoot (/var/www/web1/web)?

Quick side question, are you being prompted for your username/password at all? I would guess not, as it is the same directory as your DocumentRoot.

Andre

Posted:
October 9, 2011

Drew, thanks for picking up the conversation again.

Being an expert is ok, but being not.. means that we have to do even more our best to find solutions. So I really appreciate your efforts!

Permissions of the directory you are trying to use as the DocumentRoot (were I’ve put some files in it):

root@tom-server-2:/etc/apache2/sites-available# ls -lh /var/www/web1/web
totaal 984K
-rwx------ 1 www-data www-data    0 okt  1 22:32 Nieuw - Bitmapafbeelding.bmp
-rwx------ 1 www-data www-data  75K okt  1 22:35 Nieuw - Bitmapafbeelding.JPG
drwx------ 2 www-data www-data 4,0K okt  1 22:31 testmap
-rw-r--r-- 1 www-data www-data  74K okt  8 14:25 voip-23-07-11.pdf
-rwx------ 1 www-data www-data 814K okt  1 23:05 WebDAV and Autoversioning - Version Control with Subversion - O'Reilly Media.mht

www-data is the owner as you see, which should be as I’ve chown that …

prompted for your username/password at all?

* yes for http://ipnr/webdav
* no for http:///ipnr/webdav1
Both after restart of browser.

Apache error.log (the other log no error as far I could see)

[Sun Oct 09 11:09:56 2011] [crit] [client 127.0.0.1] (13)Permission denied: /mnt/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sun Oct 09 11:09:56 2011] [error] [client 127.0.0.1] File does not exist: /var/www/web1/web/favicon.ico, referer: http://127.0.0.1/webdav1

Hmm, the last warning I never got, have to look what it means for me.

Andre

Posted:
October 9, 2011

Got it working. Tried to rearrange the place where sda3 was mounted to the data directory you suggested. Advantage: you have to set the right new again and that did it. Strange as I looked at all the same right in the previous situation. When I now login on http://127.0.0.1/webdav1 I indeed was prompted for your username/password.

Thanks for your stimulating suggestions, as you see without being experts we did the job. I will update my progress so that others also can profit from it. Maybe I will transfer it into a https situation form, to be even more secure, but then I will have to start quite from scratch dealing with the certificates.

My basic websites to do the job, honours to those people.
Basic tutorial: http://www.howtoforge.com/setting-up-webdav-with-apache2-on-debian-etch
Extra space: http://ubuntuforums.org/showthread.php?t=1411651

And your site for the stimulatating effect! Thanks!

last default file:

NameVirtualHost *
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/web1/web/
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        Alias /webdav /var/www/web1/web
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /var/www/web1/passwd.dav
           Require valid-user
Alias /webdav1 /data/webdav1
DAV on
Authtype Basic
Authname "webdav1"
AuthUserFile /var/www/web1/passwd1.dav
Require valid-user

Drew

Posted:
October 9, 2011

Great! Glad you got it working; thought it was a permissions issue, so that’s cool!

Andre

Posted:
October 10, 2011

Yes, indeed great…

What also was helpful to find out the code for every hardisk you add and where to put it exactly.

You place the text below and change the names according your own situation. Make www-data the owner of all you did and do not forget to add the disks to fstab for auto mounting…. else it will not work by default upon restart….

Cheers….

Alias /webdav2 /data/webdav2
DAV on
Authtype Basic
Authname "webdav2"
AuthUserFile /var/www/web1/passwd2.dav
Require valid-user

Andre

Posted:
October 10, 2011

place the text below before ….

should be:

You should place the text below at the end of the default file, before .

Additional: You can repeat this section for every partition/hard disk you add under WebDav.. (thats’ why webdav2, it is my 2nd disk….). Success!

Jonathan

Posted:
October 14, 2011

Thanks! Nice fonts by the way

Leave your comment

Please be polite. You can use these HTML tags: STRONG, A, BLOCKQUOTE, CODE

Notes of a SysAdmin

You are reading

Curing ‘Symbolic link not allowed’ (Apache 2.0)

The Scenario

Setting It All Up

Creating The Symlinks

Editing Apache 2.0 Configuration File

Resolving the permission issues

Comments for this entry

Leave your comment