Bug#530535: apache2: Apache fails to follow symlinks via other symlinks
Package: apache2.2-common
Version: 2.2.11-3
Severity: normal
In my userdir, I did (some time ago, inter alia): <kbd>
ln -s ../work .w
ln -s .w/mine/toys code
</kbd> and I used to be able to visit /~eddy/code/ to see the code
fragments therein. I have today run into this not working: I got 403
instead. However, <kbd>
mv code edoc
ln -s ../work/mine/toys code
</kbd> made the content visible again, although /~eddy/edoc/ stil
403s, so the problem seems to be only that Apache has lost the ability
to keep following symlinks until it gets to a real path. For
reference, <quote src="sh">
$ ls -lAd code edoc .w
lrwxrwxrwx 1 eddy eddy 17 2009-05-25 15:16 code -> ../work/mine/toys
lrwxrwxrwx 1 eddy eddy 12 2009-05-25 15:29 edoc -> .w/mine/toys
lrwxrwxrwx 1 eddy eddy 7 2006-08-31 19:59 .w -> ../work
$ for l in code edoc .w; do readlink -f $l; done
/disk/home/eddy/work/mine/toys
/disk/home/eddy/work/mine/toys
/disk/home/eddy/work
</quote> Naturally, your Options shall have to allow FollowSymLinks or
SymLinksIfOwnerMatch to reproduce the half of this where it works.
Given that I've used significantly more complex games with symlinks
via symlinks, this breaks an internal web-site on which various of my
colleagues have come to rely ... I'm going to have to make all my
symlinks direct-to-destination, which'll force me to re-do many of
them every time I move certain fragments around :-(
Such moves used to only require changing one symlink (through which
all the others pointed); e.g., if I move ~/work/ to another disk, all
symlinks from my userdir to under it shall break, even though I'd
naturally replace it with a symlink to where it's gone, which seems to
be good enough for all other applications I've tested with.
-- Package-specific info:
List of enabled modules from 'apache2 -M':
actions alias auth_basic authn_file authnz_ldap authz_default
authz_host authz_user autoindex cgi dir env ldap mime negotiation
perl setenvif ssl status userdir
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.11-3 Apache HTTP Server - traditional n
apache2 recommends no packages.
apache2 suggests no packages.
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.11-3 utility programs for webservers
ii libapr1 1.3.3-3 The Apache Portable Runtime Librar
ii libaprutil1 1.3.4+dfsg-1 The Apache Portable Runtime Utilit
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libmagic1 5.03-1 File type determination library us
ii libssl0.9.8 0.9.8g-16 SSL shared libraries
ii libuuid1 1.41.3-1 universally unique id library
ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-23 The NET-3 networking toolkit
ii perl 5.10.0-22 Larry Wall's Practical Extraction
ii procps 1:3.2.7-11 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
-- no debconf information
Reply to: