[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#530535: apache2: Apache fails to follow symlinks via other symlinks

Package: apache2.2-common
Version: 2.2.11-3
Severity: normal

In my userdir, I did (some time ago, inter alia): <kbd>

ln -s ../work .w
ln -s .w/mine/toys code

</kbd> and I used to be able to visit /~eddy/code/ to see the code
fragments therein.  I have today run into this not working: I got 403
instead.  However, <kbd>

mv code edoc
ln -s ../work/mine/toys code

</kbd> made the content visible again, although /~eddy/edoc/ stil
403s, so the problem seems to be only that Apache has lost the ability
to keep following symlinks until it gets to a real path.  For
reference, <quote src="sh">

$ ls -lAd code edoc .w
lrwxrwxrwx 1 eddy eddy 17 2009-05-25 15:16 code -> ../work/mine/toys
lrwxrwxrwx 1 eddy eddy 12 2009-05-25 15:29 edoc -> .w/mine/toys
lrwxrwxrwx 1 eddy eddy  7 2006-08-31 19:59 .w -> ../work
$ for l in code edoc .w; do readlink -f $l; done
/disk/home/eddy/work/mine/toys
/disk/home/eddy/work/mine/toys
/disk/home/eddy/work

</quote> Naturally, your Options shall have to allow FollowSymLinks or
SymLinksIfOwnerMatch to reproduce the half of this where it works.

Given that I've used significantly more complex games with symlinks
via symlinks, this breaks an internal web-site on which various of my
colleagues have come to rely ... I'm going to have to make all my
symlinks direct-to-destination, which'll force me to re-do many of
them every time I move certain fragments around :-(

Such moves used to only require changing one symlink (through which
all the others pointed); e.g., if I move ~/work/ to another disk, all
symlinks from my userdir to under it shall break, even though I'd
naturally replace it with a symlink to where it's gone, which seems to
be good enough for all other applications I've tested with.

-- Package-specific info:
List of enabled modules from 'apache2 -M':
  actions alias auth_basic authn_file authnz_ldap authz_default
  authz_host authz_user autoindex cgi dir env ldap mime negotiation
  perl setenvif ssl status userdir

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork           2.2.11-3   Apache HTTP Server - traditional n

apache2 recommends no packages.

apache2 suggests no packages.

Versions of packages apache2.2-common depends on:
ii  apache2-utils          2.2.11-3          utility programs for webservers
ii  libapr1                1.3.3-3           The Apache Portable Runtime Librar
ii  libaprutil1            1.3.4+dfsg-1      The Apache Portable Runtime Utilit
ii  libc6                  2.9-4             GNU C Library: Shared libraries
ii  libldap-2.4-2          2.4.11-1          OpenLDAP libraries
ii  libmagic1              5.03-1            File type determination library us
ii  libssl0.9.8            0.9.8g-16         SSL shared libraries
ii  libuuid1               1.41.3-1          universally unique id library
ii  lsb-base               3.2-22            Linux Standard Base 3.2 init scrip
ii  mime-support           3.44-1            MIME files 'mime.types' & 'mailcap
ii  net-tools              1.60-23           The NET-3 networking toolkit
ii  perl                   5.10.0-22         Larry Wall's Practical Extraction 
ii  procps                 1:3.2.7-11        /proc file system utilities
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

-- no debconf information
Reply to: