0

I have a large data repository that, for security, I wish to keep mounted read-only for a VM running Ubuntu 14.04.

This VM runs an Apache server, and I wish to symbolically-link certain files from the read-only mounted resource into (subdirectories) of public_html.

When attempting to access these subdirectories via the browser, they are empty. Checking the Apache error.log, I see the following error:

AH00032: Symbolic link not allowed or link target not accessible

As per the answers from:

Apache won't follow Symlink

Apache 2 Symbolic link not allowed or link target not accessible

https://unix.stackexchange.com/questions/20993/symbolic-link-not-allowed-or-link-target-not-accessible-apache-on-centos-6

It is apparent that I need to chmod +x files and directories in order for Apache to reach them. However, this clearly cannot be done to a readonly filesystem.

I believe this issue cannot be resolved by FollowSymLinks, as it is the fundamental access to the filesystem that is causing the issue. Despite that, I have configured Apache for following symlinks, and verify it works when pointing to other files on a read-write filesystem.

The (very) inelegant solution is to temporarily copy the files from the readonly mount to some local scratch space and symlink to there instead, but the files are large, it will require additional housekeeping to keep this area from ballooning, and I need these files served via a request server on decent timescales.

Does anyone have any other suggestions as to how I can gain access to symlinked files hosted on a readonly drive?

Many thanks,

David

Community
  • 1
Dave
  • 101
  • 3

2 Answers2

1

Temporarily mount the filesystem as RW, fix the permissions and the mount it RO again.

user9517
  • 114,104
  • 20
  • 206
  • 289
  • Thanks for the tip! It prompted me to look at the fstab mount options, which led to a solution :-) – Dave Feb 20 '15 at 20:53
0

In part, thanks to Iain's answer, I have found a solution.

The issue in fact appeared to arise from the mount options in fstab. I changed from:

data_raid /data_raid/ vboxsf defaults 0 0

to

data_raid /data_raid/ vboxsf defaults,gid=1000,uid=1000 0 0

Where gid=1000 corresponds to my username.

The host where the resource is (rw) mounted was already chmod+x. However, as it was mounted root, I believe this caused the access issues described above.

Rebooting under the new mount options (where the group and user are now those I log in with) permits access under Apache to the symlinked files.

Dave
  • 101
  • 3