I am transferring some hosting accounts from CentOS 6 with Apache 2.2 to CentOS 7 with Apache 2.4.34. Some of these accounts symlink to files through a directory symlink inside the DocumentRoot to files outside the DocumentRoot.
Like this:
root:root /var/lib/common/html/
user:user /home/user/app/ => /var/lib/common/html/
user:user /home/user/html/file.html => /home/user/app/file.html
It works on Apache 2.2. On Apache 2.4 I get a 403 permission denied response. I can find no evidence that SymLinkIfOwnerMatch
is set, only FollowSymLinks
via grepping the config files. The 403 error goes away if I set the /home/user/html/file.html
ownership to root:root
. (Note that the "middleman" directory symlink ownership does not matter. Apache will follow it either way.)
Are there situations where Apache 2.4 will always require the symlink ownership to match? It seems that direct access, mod_rewrite, and even Alias are enforcing ownership matching and I cannot figure out why.