0

I'm in the process of setting up a new computer; the old setup was Ubuntu 20.04 LTS, and I had placed a symlink to allow Apache to access my content.

    sudo ln -s /home/ed/mystuff /var/www/html/stuff

So that I could access it simply by browsing to localhost/stuff and that all seemed to work without any further configuration. I am aware this has problematic security implications but it was only for my internal use.

On my new computer, I installed 22.04 LTS, and it's (I think) configured exactly the same way but now results in 403 / Forbidden errors. Reading through some similar questions, I see a lot of references to having files owned by www-data, but on my 20.04 everything on the /var/www side is root, and everything on the user side is still owned by the user. No www-data.

At this point, I'm most curious as to how it worked before on 20.04 but with 22.04 gives nothing but 403/forbidden?

EDITED TO ADD: I didn't change any of the config files, just installed apache2. In particular I see the /etc/apache2/apache2.conf files are identical.

WRAPUP(?): The answer to my confusion about why it worked in the previous Ubuntu release (20.04) but not in the newer one (22.04) is that, for whatever reason, in the past a user's home directory was created with permissions of 755, but in the newer release of Ubuntu it is created with 750... Changing it to 751 or 755 allows it to work as before.

  • Are all files included by /etc/apache2/apache2.conf also identical? (Typically, it means all files in /etc/apache2/conf.d and /etc/apache2/sites-enabled directories) – raj Feb 05 '24 at 12:48

2 Answers

1

If enabling symlink in the config doesn't work, you can use a bind mount instead:

  1. Clean up and prepare:

         sudo unlink /var/www/html/stuff # Remove old link
         sudo mkdir /var/www/html/stuff # Create empty directory as mount target

  2. Test it in the current session:

         sudo mount --bind /home/ed/mystuff /var/www/html/stuff

  3. Make it persist across reboots by appending the following to /etc/fstab:

         /home/ed/mystuff    /var/www/html/stuff    none    nodev,nosuid,noexec,noatime,bind    0    0

Mounts are processed at a lower level than whatever Apache2 or the sandbox around it is doing. It will appear as if you originally put /home/ed/mystuff at /var/www/html/stuff, except it will stay perfectly in sync. If you added custom mounts under /home/ed/mystuff, you might need to bind them too if you want them to be visible and not the stuff underneath. Also make sure that the tree of files you want to publish under /home/ed/mystuff is readable by Apache2's user.

Daniel T
  • 4,594
0

Apache has a configuration setting, Options FollowSymLinks, that controls this. The default setting, if the option is not present in the config, is on, and that is probably what was in your previous version. In the new version, the default configuration files probably include this option set to off somewhere. You must check the config files and change the option to on.

Here is a link to helpful documentation: https://httpd.apache.org/docs/2.4/mod/core.html#options

Also, the entire path to /home/ed/mystuff must be accessible (that means, have x permission) to the user under which Apache runs, i.e. /home/ed/mystuff itself, /home/ed and /home.

raj
  • 10,353
  • That is in the /etc/apache2/apache2.conf file, right? They both say

    <Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    – Ed Beighe Feb 05 '24 at 05:00
  • It can be in different files, as Apache config files structure is quite complicated. However, if the directive you quoted is not overridden somewhere later, I see FollowSymLinks is present, so it should work. – raj Feb 05 '24 at 10:37
  • Another required thing that might have changed: are all directories from /home/ed/mystuff up (i.e. /home/ed/mystuff itself, /home/ed and /home) accessible (i.e. x permission) to the user under which Apache runs? – raj Feb 05 '24 at 12:43
  • yes YES. That was the difference. In the older release of Ubuntu, the user's home directory was 755; in the newer one, it was 750. Changing /home/ed to 751 makes the scheme work as it did before. (By the way, this was all as default; that is how Ubuntu set up the user's home directory -- does that make sense?) – Ed Beighe Feb 05 '24 at 14:31
  • There are various approaches to permissions on users' home directories. One common approach - let's call it "permissive" - is to make the home directory readable (but not writable) to other users; hence 755; the other, more "restrictive", makes the home directory accessible only to its owner (and perhaps users in his group, which by default contains only this one user); hence 750. Looks like the approach has changed between releases. – raj Feb 05 '24 at 16:26
  • Here's an article about the default permissions change, made with release 21. Makes sense. – Ed Beighe Feb 05 '24 at 19:27
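
The traversal requirement from this answer and its comments (x permission on every directory from /home down to /home/ed/mystuff for the account Apache runs as), written out as an added example that is not part of the original thread. The function name `first_blocked_dir`, its `root` parameter and the demo's uid/gid values are assumptions made for illustration; it goes slightly beyond the 750 versus 751 case by applying the owner, group and other classes in general, and it looks at mode bits only.

```python
import os
import stat
import tempfile


def first_blocked_dir(target, uid, gids, root="/"):
    """Return the first directory from root down to target that the account
    (uid, gids) cannot traverse, or None when the whole chain is searchable.
    Only owner/group/other mode bits are evaluated; ACLs are not.
    """
    root = os.path.realpath(root)
    target = os.path.realpath(target)  # a symlink is judged by its destination
    rel = os.path.relpath(target, root)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError(f"{target} is not below {root}")
    if uid == 0:
        return None  # root bypasses directory search permission
    parts = [] if rel == os.curdir else rel.split(os.sep)
    chain = [os.path.join(root, *parts[:i]) for i in range(len(parts) + 1)]
    for current in chain:
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            continue  # a final regular file needs r, not x; not checked here
        # Exactly one permission class applies: owner, else group, else other.
        needed = (stat.S_IXUSR if st.st_uid == uid else
                  stat.S_IXGRP if st.st_gid in gids else stat.S_IXOTH)
        if not st.st_mode & needed:
            return current
    return None


if __name__ == "__main__":
    # Constructed tree standing in for /home/ed/mystuff; the uid and gid are
    # made up so that they match neither the owner nor the group.
    base = tempfile.mkdtemp()
    ed = os.path.join(base, "home", "ed")
    stuff = os.path.join(ed, "mystuff")
    os.makedirs(stuff)
    for d in (base, os.path.dirname(ed), stuff):
        os.chmod(d, 0o755)
    st = os.stat(ed)
    for mode in (0o750, 0o751):
        os.chmod(ed, mode)
        hit = first_blocked_dir(stuff, st.st_uid + 1, {st.st_gid + 1}, root=base)
        print(oct(mode), "->", hit or "traversable")
```

On a real system the uid and group ids would come from `pwd.getpwnam("www-data")` and `os.getgrouplist`, with `root` left at its default of `/`.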