I'm sure someone has asked/answered this before but my search hasn't helped me much so...

I have Eclipse IDE installed on my Linux box (LM13) with the 'workspace' folder located @ /home/user/projects/workspace

I have Apache installed and set-up, working with various vhosts all of which have their folders somewhere under the web-root /var/www/...

The problem I'm having is that the vhost I've configured for a project in my Eclipse Workspace can't be accessed by Apache, and so gives me the "403 - Forbidden -- You don't have permission to access / on this server."

First I just tried a 'normal' vhost config, I then tried using a SymLink under the web-root @ /var/www/freelance/project linked to the project's folder in the Eclipse workspace

I have tried both FollowSymLinks and SymLinksIfOwnerMatch for the options directive under the <directory ...> section but I still can't access it with Apache in my browser!

Can anyone explain to me how I can get this set-up to work please? I haven't tried using mod_userdir yet, or setting the file permissions on my /home folder to allow access to Apache as neither of these seemed favourable. Is there another way?

Here's my vhost config:

    # Apache VHOST config for IAGD
    <VirtualHost my.iagd:80>
        NameVirtualHost my.iagd:80
        ServerAlias *.my.iagd
    #   ServerAdmin username@domain

        DocumentRoot /var/www/freelance/iagd

        <Directory /var/www/freelance/iagd/>
            Options FollowSymLinks SymLinksIfOwnerMatch
            AllowOverride All
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>

        # Define custom log level
        LogLevel warn

        # Set up custom log files
        ErrorLog ${APACHE_LOG_DIR}/iagd/error.log
        CustomLog ${APACHE_LOG_DIR}/iagd/access.log combined
    </VirtualHost>


Update

Output from ls -alFd ~/Projects/workspace/iagd:-

    drwxr-xr-- 6 user www-data 4096 Aug 22 14:12 IAGD/

Output for same on /home/user:-

    drwx------ 74 user user 20480 Aug 23 07:30 /home/user/
Chris
  • Does Apache user have rights to access this subfolder in your home folder? You can check using `sudo su - your-apache-user` and then using `ls /home/your_user/path/to/your/subfolder` – Alex Aug 23 '12 at 11:24
  • Yes, I set the folder/file permissions to allow Apache, but *only* on the projects folder, not the whole of my user folder. Permissions are currently '755'. Thanks @Alex – Chris Aug 23 '12 at 11:49
  • Apache should have at least `x` permission on your folder to be able to work with its subfolder. – Alex Aug 23 '12 at 11:52
  • Okay I tried adding execute permissions for Apache's working group (sudo chmod g+x ....) but still no joy :( Any other ideas? – Chris Aug 23 '12 at 12:48
  • Could you please post the output of `ls -alFd /home/your_user_name` and `ls -alFd /home/your_user_name/apache_subfolder`? – Alex Aug 23 '12 at 12:50

1 Answer

You will need to add a Directory directive for the subdirectory of your home directory. When Apache accesses a symlink, it's the actual directory that the symlink points to that will be accessed, not the symlink pointer.

So, there are two things you need:

Firstly, the operating system permissions. Your directory needs to be readable for the Apache user, which means that all directories in the hierarchy above it need to have the execute bit set for the Apache user.

Secondly, the Apache configuration. Apache needs to be told that it's OK to read from that directory. Usually, you'll want to restrict Apache to only be allowed to read a limited directory hierarchy - otherwise, it would be possible for any webuser to e.g. get to look at your password file, or surf through everyone's home directories. So when you want to access a directory that's outside the webroot hierarchy, you need to add a directive telling Apache to allow it. It will look something like this:

    # Apache VHOST config for IAGD
    <VirtualHost my.iagd:80>
        NameVirtualHost my.iagd:80
        ServerAlias *.my.iagd
    #   ServerAdmin username@domain

        DocumentRoot /var/www/freelance/iagd

        <Directory /var/www/freelance/iagd/>
            Options FollowSymLinks SymLinksIfOwnerMatch
            AllowOverride All
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>

        # The real directory behind the symlink, outside the web root
        <Directory /home/user/projects/workspace>
            AllowOverride All
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>

        # Define custom log level
        LogLevel warn

        # Set up custom log files
        ErrorLog ${APACHE_LOG_DIR}/iagd/error.log
        CustomLog ${APACHE_LOG_DIR}/iagd/access.log combined
    </VirtualHost>
Jenny D
  • thanks @Jenny D -- so modifying my /home/user path to have "drwxr-x---" will fix it (which I think Alex alluded to in his comment but did not out-right state). I did mention in my Q. that I hadn't tried this yet as I'd hoped there was a 'better' way, but it's good to know that about SymLinks. Cheers :D – Chris Aug 23 '12 at 14:40
  • You do need to modify your home directory, but you also need to tell Apache that it's OK for it to read that directory. I'll edit my answer to clarify. – Jenny D Aug 23 '12 at 14:42
  • Hey that's great, thank you so much for clearing that up for me! Cheers – Chris Aug 23 '12 at 15:08
  • You're welcome, I'm glad I could help! – Jenny D Aug 23 '12 at 15:10
  • Hey I just figured out an easier way to do this (doh) I just switched them around -- now I have the files under /var/www/... and the SymLink in Eclipse's workspace, seems okay now. Eclipse sees the files but I can access it in my web browser!! -- as they say in l33t: "w00t w00t" – Chris Aug 23 '12 at 15:51
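
An added example, not part of the original question or answer: the operating-system half of the answer as a check that resolves the symlink, walks every directory from `/` down to the real target, and reports the first one a given account cannot pass. The names `allowed`, `first_blocker` and the `below` parameter are made up for this example, `www-data` is assumed as the Apache account, and only classic mode bits are evaluated (no ACLs, no root override).

```python
import os
import stat
import sys
from pathlib import Path


def allowed(st, uid, gids, want):
    """Classic Unix mode check: owner bits, else group bits, else other bits.
    ACLs and root's override are deliberately not modelled."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want


def first_blocker(target, uid, gids, below="/"):
    """Return (path, missing) for the first component the account cannot
    pass on the way to `target`, or None if the whole chain is usable.
    Symlinks are resolved first, so a link under the web root is judged
    by the real directory it points to."""
    real = Path(os.path.realpath(target))
    base = Path(os.path.realpath(below))
    chain = [p for p in [*reversed(real.parents), real]
             if p == base or base in p.parents]
    for p in chain:
        st = os.stat(p)
        if p != real:
            want, name = 0o1, "x"          # search permission on a parent
        elif stat.S_ISDIR(st.st_mode):
            want, name = 0o5, "rx"         # list and enter the target dir
        else:
            want, name = 0o4, "r"          # read the target file
        if not allowed(st, uid, gids, want):
            return str(p), name
    return None


if __name__ == "__main__":
    import pwd
    # Usage: script.py PATH [ACCOUNT]; "www-data" is an assumed default.
    account = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "www-data")
    groups = set(os.getgrouplist(account.pw_name, account.pw_gid))
    hit = first_blocker(sys.argv[1], account.pw_uid, groups)
    print("ok" if hit is None else f"blocked at {hit[0]} (needs {hit[1]})")
```

Granting only `x` (not `r`) on the home directory lets the account pass through to the project without being able to list the rest of the home folder.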