Symbolic Links on Linux Red Hat ES

Hi, I am new to Linux and am loving every minute of it :-)
I have, however, come upon a BIG stumbling block. I am trying to create Symbolic links to a directory out side of my webspace.
My webspace is: /var/www/html/control and I am trying to have a sym link to /home/uploads
I can browse through my symbolic links using the linux Directory browser so I know they work. However, when I try to browse the Sym links using an Internet Browser I get a permission error. I have already tried to use Alias and I have also tried mounting the volume (mount --rbind /home/uploads /var/www/html/control/ups) and I get the same permissions error.

In my httpd.conf I have:

<Directory "/var/www/html/control/uploads">
  Options +FollowSymLinks Indexes Includes Multiviews
  Allow Override None
  Order Allow,Deny
  Allow from all
</Directory>

Please can you advise me :-)

Thanks

Anadi :-)
AnadiTaylorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wbstechCommented:
Try running the below command:

chmod a+r /home/uploads

This will ensure all users can atleast read files in that folder, as you've already established it's a permissions error.
wbstechCommented:
You may want to check the user / group with the ls -l command to further understand what permissions need to be set.

I would imagine /home/uploads might be owned by a different user to that of /var/www/html/control
ravenplCommented:
> Options +FollowSymLinks Indexes Includes Multiviews
Please remove the + sign. Don't mix +/- with just options.
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

AnadiTaylorAuthor Commented:
I have run the chmod a+r /home/uploads and it has made no difference. I had already set this directory to have read/write and execute permissions for user/group and everyone - extreme I know but I wanted to take this out of the equasion.

I have also set the user to root and the group to apache wich tallies up with my /var/www/html/control directory.

Options +FollowSymLinks Indexes Includes Multiviews - I was trying this with the +FollowSymLinks to see if it made any difference. It didn't. I have tried with it and without it  the + and I get the same results.

Does anyone have any other ideas ???

Thanks

Anadi :-)
ravenplCommented:
And what exactly is the error? Search in apache error log.
AnadiTaylorAuthor Commented:
The logs (in /var/log/httpd) read:

[error] [client 127.0.0.1] (13) Permission denied: cannot read directory for multi: /var/www/html/control/uploaded/

There is also:

[error] [client 127.0.0.1] (13) Permission denied: access to : control/uploaded/index.html

HTH :-)
ravenplCommented:
Yep - 13 == permission denied
stat -ld /var/www/html/control/uploaded /var/www/html/control
Also - where have You created the symlink and where it points to?
AnadiTaylorAuthor Commented:
hi ravenpl - thanks for your help - it's really appreciated :-)

OK - I tried to run stat -ld /var/www/html/control/uploaded /var/www/html/control and got an error:
stat warning: -l is depreciated; us -L instead
stat: invalid option -- d

when I do a 'stat -L /var/www/html/control/uploaded /var/www/html/control' I get:

root@cu4productions httpd]# stat -L /var/www/html/control/uploaded /var/www/html/control
  File: `/var/www/html/control/uploaded'
  Size: 4096            Blocks: 16         IO Block: 4096   directory
Device: fd00h/64768d    Inode: 491533      Links: 14
Access: (0777/drwxrwxrwx)  Uid: (    0/    root)   Gid: (   48/  apache)
Access: 2006-09-12 14:42:24.000000000 +0100
Modify: 2006-08-22 14:41:00.000000000 +0100
Change: 2006-09-12 14:11:27.000000000 +0100
  File: `/var/www/html/control'
  Size: 4096            Blocks: 16         IO Block: 4096   directory
Device: fd00h/64768d    Inode: 1050400     Links: 11
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2006-09-12 14:12:53.000000000 +0100
Modify: 2006-09-12 12:05:31.000000000 +0100

Also - I made my Sym link by opening a terminal and using: ln -s /home/uploads /var/www/html/control/uploads

thanks again - this has been doing my head in for over a month now :-)
ravenplCommented:
sorry - I meant ls -ld :( - but looks fine so far.
anoter try: ls -ld /home/uploads
AnadiTaylorAuthor Commented:
OK - when I run ls -ld /home/uploads i get:

drwxrwxrwx 14 root apache 4096 Aug 22 14:41 /home/uploads

thanks again :-)

Anadi :-)
ravenplCommented:
Hmm - are You runnig SELinux? If so, then apache can access only /var/www
If not - I'm sorry - I'm off.
AnadiTaylorAuthor Commented:
Hi, Thanks once again for all your help.
Yes I am running SELinux - it explains a lot that its not possible :-)

Can you recommend a flavour of Linux Server that does support using Symbolic Links that point outside of my webspace.

All the best,

Anadi :-)
ravenplCommented:
It's not about linux, but the SELinux. Either disable, or rewrite SELinux rules to allow apache access the /home/uploads and then relabel filesystem...
AnadiTaylorAuthor Commented:
Hi,
how do i 'disable, or rewrite SELinux rules to allow apache access the /home/uploads and then relabel filesystem...'

thanks in advance

Anadi :-)
ravenplCommented:
what is the distro?
AnadiTaylorAuthor Commented:
Hi ravenpl, i really appreciate your help - its been invaluable :-)
I am not sure what you mean by distro - can you explain. I am using Linux Red Hat ES if thats what you mean ???

Anadi :-)
ravenplCommented:
Yes, I was after distribution.
to disable edit /etc/selinux/config, but note You need restart the system to make changes effective

To change it install selinux-policy-targeted-sources, then visit /etc/selinux/targeted/src/policy edit apropriate files then rebuild/reinstal/etc. Read README included in same directory for make options.

Not really helpful - unfortunatelly I was forced to edit selinux policies in very limited options - You'll have to serach internet for more
or make pointer Q to this one, so other experts may continue this thread.
AnadiTaylorAuthor Commented:
ahhh dude - you are a star man - I went into /etc/selinux and I edited the config file.
I changed SELINUX=enforcing to SELINUS=disabled and it worked.

I can now use all my sym links and mounts :-)

Is there any security issue with this settings???

Thanks again dude :-)

Anadi :-)
ravenplCommented:
> Is there any security issue with this settings???
SELinux is designed to enforce some security even if the application (or even kernel) has some flaws. In other words - if You will keep Your system up2date - nothing wrong should happen.
Unfortunatelly IMHO RH is not the one which is updated as fast as it could be possible.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.