sym link in Apache used to work but is now forbidden

I’m in the process of setting up a new computer; the old setup was Ubuntu 20.04 LTS; and I had placed a sym link to allow apache to access my content.

sudo ln -s /home/ed/mystuff /var/www/html/stuff

So that I could access it simply by browsing to localhost/stuff and that all seemed to work without any further configuration. I am aware this has problematic security implications but it was only for my internal use.

On my new computer, I installed 22.04 LTS, and it’s (I think) configured exactly the same way but now results in 403 / Forbidden errors. Reading through some similar questions, I see a lot of reference to having files owned by www-data, but on my 20.04 everything on the /var/www side is root, and everything on the user side is still owned by the user. No www-data.

At this point, I’m most curious as to how it worked before on 20.04 but with 22.04 gives nothing but 403/forbidden?

EDITED TO ADD: I didn’t change any of the config files, just installed apache2. In particular I see the /etc/apache2/apache2.conf files are identical.

WRAPUP(?): The answer to my confusion about why it worked in the previous Ubuntu release (20.04) but not in the newer one (22.04) is that, for whatever reason, in the past a user’s home directory was created with permissions of 755, but in the newer release of Ubuntu it is created with 750… Changing it to 751 or 755 allows it to work as before.

Asked By: Ed Beighe


Apache has a configuration setting, Option FollowSymLinks, that controls this. The default setting, if the option is not present in the config, is on, and that is what probably was in your previous version. In the new version, default configuration files probably somewhere include this option set to off. You must check the config files and change the option to on.

Here is a link to helpful documentation: https://httpd.apache.org/docs/2.4/mod/core.html#options

Also, the entire path to /home/ed/mystuff must be accessible (that means, have x permission) to the user under which Apache runs, i.e. /home/ed/mystuff itself, /home/ed and /home.

Answered By: raj
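
The traversal requirement in the answer above, and the 750 home directory the asker found, can be checked per path component. This is an added example, not part of the original question or answers; the function names and the temporary directory tree are constructed for illustration, and it assumes the Apache user falls under the "other" permission class.

```shell
#!/bin/sh
# Added example (not from the original answers).
# Assumption: the Apache user (www-data on Ubuntu) is neither the owner nor
# in the group of these directories, so only the "other" bits apply to it.

blocked_components() {
    # Resolve symlinks first: Apache follows /var/www/html/stuff to its
    # target, and every directory above that target needs search (x).
    target=$(readlink -f -- "$1") || return 2
    [ -d "$target" ] || target=$(dirname -- "$target")
    while :; do
        # Character 10 of the ls mode string is other-execute:
        # x or t means traversable, - or T means blocked.
        mode=$(ls -ld -- "$target" | cut -c1-10)
        case $mode in
            *x|*t) ;;
            *) printf '%s %s\n' "$mode" "$target" ;;
        esac
        [ "$target" = / ] && break
        target=$(dirname -- "$target")
    done
}

demo_tree() {
    # Constructed sample: mimics /home/ed/mystuff with a 22.04-style 750
    # home directory and a symlink standing in for /var/www/html/stuff.
    base=$(mktemp -d) || return 1
    mkdir -p "$base/home/ed/mystuff" "$base/www"
    chmod 755 "$base" "$base/home" "$base/home/ed/mystuff"
    chmod 750 "$base/home/ed"
    ln -s "$base/home/ed/mystuff" "$base/www/stuff"
    printf '%s\n' "$base"
}

base=$(demo_tree)
echo "home at 750:"; blocked_components "$base/www/stuff"
chmod 751 "$base/home/ed"
echo "home at 751:"; blocked_components "$base/www/stuff"
rm -rf "$base"
```

On a real system, `namei -l /var/www/html/stuff` from util-linux prints the same per-component permissions along the resolved path.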

If enabling symlink in the config doesn’t work, you can use a bind mount instead:

  1. Clean up and prepare
       sudo unlink /var/www/html/stuff # Remove old link
       sudo mkdir /var/www/html/stuff # Create empty directory as mount target
  2. Test it in the current session
       sudo mount --bind /home/ed/mystuff /var/www/html/stuff
  3. Make it persist across reboots by appending the following to /etc/fstab:
       /home/ed/mystuff    /var/www/html/stuff    none    nodev,nosuid,noexec,noatime,bind    0    0

Mounts are processed at a lower level than whatever Apache2 or the sandbox around it is doing. It will appear as if you originally put /home/ed/mystuff at /var/www/html/stuff, except it will stay perfectly in sync. If you added custom mounts under /home/ed/mystuff, you might need to bind them too if you want them to be visible and not the stuff underneath. Also make sure that the tree of files you want to publish under /home/ed/mystuff is readable by Apache2’s user.

Answered By: Daniel T