Es mēģinu palaist Piwigo galeriju / digitālo aktīvu pārvaldnieku Raspberry Pi, izmantojot Apache 2.4 Arch Linux ARM. Pjvigo priecīgi skrien. Windows failu nosaukšanas un CIFS iemeslu dēļ man ir jāpadara tūkstošiem simlinku ar ārēju direktoriju Piwigo FTP augšupielādes direktorijā. Mans scenārijs, lai to izdarītu, darbojas lieliski.

Šī nav cita persona, kas mēģina sasaistīt savu mājas direktoriju, nesaprotot atļaujas.

Veicot traucējummeklēšanu, es atklāju, ka saites DocumentRoot darbojas labi, bet neizdodas ar 403 visās pārbaudītajās DocumentRoot apakšdirektorijās. Nekas ārpus DocumentRoot nav iesaistīts. Neizdodas arī saites jaunajos testa direktorijos, kas, iespējams, nevar saturēt .ht * failus.

Esmu izlasījis apmēram simts visatbilstošākos no 465 rezultātiem servera kļūdās "apache symlink", kā arī dažādus citus ziņojumus tīmeklī. Šīs atbildes, kā arī Apache dokumentācija saka, ka direktīvām "jāattiecas tikai uz nosaukto failu sistēmas direktoriju, apakšdirektorijiem un to saturu". - Option direktīvai vajadzētu izplatīties uz leju, ja vien tas netiek ignorēts, un manam konfiguratoram jebkurā gadījumā jānovērš ignorēšana. Ja es varu saprast, kāpēc simlinki neizdodas iekšā DocumentRoot, esmu pārliecināts, ka viņi izveidos saiti.


Apache tiek svaigi restartēts.

[[email protected] ~]$ sudo systemctl restart httpd [[email protected] ~]$ sudo systemctl status httpd * httpd.service - Apache Web Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2017-12-09 14:18:43 EST; 1min 2s ago Process: 8578 ExecStop=/usr/bin/httpd -k graceful-stop (code=exited, status=0/SUCCESS) Process: 8099 ExecReload=/usr/bin/httpd -k graceful (code=exited, status=0/SUCCESS) Main PID: 8583 (httpd) Tasks: 6 (limit: 4915) CGroup: /system.slice/httpd.service |-8583 /usr/bin/httpd -k start -DFOREGROUND |-8584 /usr/bin/httpd -k start -DFOREGROUND |-8585 /usr/bin/httpd -k start -DFOREGROUND |-8586 /usr/bin/httpd -k start -DFOREGROUND |-8587 /usr/bin/httpd -k start -DFOREGROUND `-8588 /usr/bin/httpd -k start -DFOREGROUND Dec 09 14:18:43 alarmpi systemd[1]: Started Apache Web Server. Dec 09 14:18:44 alarmpi httpd[8583]: AH00558: httpd: Could not reliably determine the server's fully qualified domain 

Un šeit ir httpd.conf, kas tiek ievadīts caur awk, lai noņemtu komentārus un tukšās rindas. Acīmredzot viss, kas ir nepareizi, iespējams, atrodas šeit. Ja atmiņa nedarbojas, divi noklusējuma papildinājumi ir PHP7 ielāde un .PHP izpildāmā padarīšana.

[[email protected] ~]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/httpd.conf ServerRoot '/etc/httpd' Listen 80 LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule include_module modules/mod_include.so LoadModule filter_module modules/mod_filter.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule unixd_module modules/mod_unixd.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so  #LoadModule cgid_module modules/mod_cgid.so   #LoadModule cgi_module modules/mod_cgi.so  LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule php7_module modules/libphp7.so  SetHandler application/x-httpd-php   User http Group http  ServerAdmin [email protected]  AllowOverride none Require all denied  DocumentRoot '/srv/http'  Options Indexes FollowSymLinks AllowOverride None Require all granted   DirectoryIndex index.html   Require all denied  ErrorLog '/var/log/httpd/error_log' LogLevel warn  LogFormat '%h %l %u %t \'%r\' %>s %b \'%{Referer}i\' \'%{User-Agent}i\'' combined LogFormat '%h %l %u %t \'%r\' %>s %b' common  LogFormat '%h %l %u %t \'%r\' %>s %b \'%{Referer}i\' \'%{User-Agent}i\' %I %O' combinedio  CustomLog '/var/log/httpd/access_log' common   ScriptAlias /cgi-bin/ '/srv/http/cgi-bin/'     AllowOverride None Options None Require all granted   RequestHeader unset Proxy early   TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz  Include conf/extra/httpd-mpm.conf Include conf/extra/httpd-multilang-errordoc.conf Include conf/extra/httpd-autoindex.conf Include conf/extra/httpd-languages.conf Include conf/extra/httpd-userdir.conf Include conf/extra/httpd-default.conf Include conf/extra/phpmyadmin.conf  Include conf/extra/proxy-html.conf  Include conf/extra/php7_module.conf  SSLRandomSeed startup builtin SSLRandomSeed connect builtin  

REDIĢĒT: Arch vienkārši ievieto vienu httpd.conf failu mapē / etc / httpd / conf /, pēc tam iekļauj saturu no / etc / httpd / conf / extra. Šeit ir visu iekļauto .conf failu saturs iekļaušanas secībā:

[[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-mpm.conf  PidFile '/run/httpd/httpd.pid'   StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxRequestWorkers 250 MaxConnectionsPerChild 0   StartServers 3 MinSpareThreads 75 MaxSpareThreads 250 ThreadsPerChild 25 MaxRequestWorkers 400 MaxConnectionsPerChild 0   StartServers 3 MinSpareThreads 75 MaxSpareThreads 250 ThreadsPerChild 25 MaxRequestWorkers 400 MaxConnectionsPerChild 0   ThreadStackSize 65536 StartThreads 250 MinSpareThreads 25 MaxSpareThreads 250 MaxThreads 1000 MaxConnectionsPerChild 0   StartServers 2 MinSpareThreads 5 MaxSpareThreads 10 MaxConnectionsPerChild 0   ThreadsPerChild 150 MaxConnectionsPerChild 0   MaxMemFree 2048   MaxMemFree 100  ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-multilang-errordoc.conf Alias /error/ '/usr/share/httpd/error/'  AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Require all granted LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr ForceLanguagePriority Prefer Fallback  ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-autoindex.conf IndexOptions FancyIndexing HTMLTable VersionSort Alias /icons/ '/usr/share/httpd/icons/'  Options Indexes MultiViews AllowOverride None Require all granted  AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-languages.conf AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage tr .tr AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW ForceLanguagePriority Prefer Fallback AddCharset us-ascii.ascii .us-ascii AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen AddCharset ISO-8859-3 .iso8859-3 .latin3 AddCharset ISO-8859-4 .iso8859-4 .latin4 AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru AddCharset ISO-8859-6 .iso8859-6 .arb .arabic AddCharset ISO-8859-7 .iso8859-7 .grk .greek AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk AddCharset ISO-8859-10 .iso8859-10 .latin6 AddCharset ISO-8859-13 .iso8859-13 AddCharset ISO-8859-14 .iso8859-14 .latin8 AddCharset ISO-8859-15 .iso8859-15 .latin9 AddCharset ISO-8859-16 .iso8859-16 .latin10 AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5.Big5 .big5 .b5 AddCharset cn-Big5 .cn-big5 AddCharset WINDOWS-1251 .cp-1251 .win-1251 AddCharset CP866 .cp866 AddCharset KOI8 .koi8 AddCharset KOI8-E .koi8-e AddCharset KOI8-r .koi8-r .koi8-ru AddCharset KOI8-U .koi8-u AddCharset KOI8-ru .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-7 .utf7 AddCharset UTF-8 .utf8 AddCharset UTF-16 .utf16 AddCharset UTF-16BE .utf16be AddCharset UTF-16LE .utf16le AddCharset UTF-32 .utf32 AddCharset UTF-32BE .utf32be AddCharset UTF-32LE .utf32le AddCharset euc-cn .euc-cn AddCharset euc-gb .euc-gb AddCharset euc-jp .euc-jp AddCharset euc-kr .euc-kr AddCharset EUC-TW .euc-tw AddCharset gb2312 .gb2312 .gb AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 AddCharset shift_jis .shift_jis .sjis ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-userdir.conf UserDir public_html  AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS  ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-default.conf Timeout 60 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 UseCanonicalName Off AccessFileName .htaccess ServerTokens Full ServerSignature Off HostnameLookups Off  RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500  ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/phpmyadmin.conf Alias /phpmyadmin '/usr/share/webapps/phpMyAdmin'  DirectoryIndex index.php AllowOverride All Options FollowSymlinks Require all granted  ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/proxy-html.conf ProxyHTMLLinks a href ProxyHTMLLinks area href ProxyHTMLLinks link href ProxyHTMLLinks img src longdesc usemap ProxyHTMLLinks object classid codebase data usemap ProxyHTMLLinks q cite ProxyHTMLLinks blockquote cite ProxyHTMLLinks ins cite ProxyHTMLLinks del cite ProxyHTMLLinks form action ProxyHTMLLinks input src usemap ProxyHTMLLinks head profile ProxyHTMLLinks base href ProxyHTMLLinks script src for ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ onmouseover onmousemove onmouseout onkeypress \ onkeydown onkeyup onfocus onblur onload \ onunload onsubmit onreset onselect onchange ================== [[email protected] conf]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/php7_module.conf   DirectoryIndex index.php index.html  SetHandler application/x-httpd-php   SetHandler application/x-httpd-php-source    

Atlikušie .conf faili mapē / etc / httpd / conf / extra /, ja kāds no šiem iekļautajiem failiem tos savukārt ietver alfabētiskā secībā.

[[email protected] extra]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-dav.conf DavLockDB '/etc/httpd/var/DavLock' Alias /uploads '/etc/httpd/uploads'  Dav On AuthType Digest AuthName DAV-upload AuthUserFile '/etc/httpd/user.passwd' AuthDigestProvider file  Require method GET POST OPTIONS Require user admin   BrowserMatch 'Microsoft Data Access Internet Publishing Provider' redirect-carefully BrowserMatch 'MS FrontPage' redirect-carefully BrowserMatch '^WebDrive' redirect-carefully BrowserMatch '^WebDAVFS/1.[01234]' redirect-carefully BrowserMatch '^gnome-vfs/1.0' redirect-carefully BrowserMatch '^XML Spy' redirect-carefully BrowserMatch '^Dreamweaver-WebDAV-SCM1' redirect-carefully BrowserMatch ' Konqueror/4' redirect-carefully ================== [[email protected] extra]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-info.conf  SetHandler server-status Require host .example.com Require ip 127   SetHandler server-info Require host .example.com Require ip 127  ================== [[email protected] extra]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-manual.conf AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ '/usr/share/httpd/manual$1'  Options Indexes AllowOverride None Require all granted  SetHandler type-map   ForceType 'text/html; charset=utf-8'  AddLanguage da .da SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2 LanguagePriority en da de es fr ja ko pt-br ru tr ForceLanguagePriority Prefer Fallback  ================== [[email protected] extra]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-ssl.conf Listen 443 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLHonorCipherOrder on SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache 'shmcb:/run/httpd/ssl_scache(512000)' SSLSessionCacheTimeout 300  DocumentRoot '/srv/http' ServerName www.example.com:443 ServerAdmin [email protected] ErrorLog '/var/log/httpd/error_log' TransferLog '/var/log/httpd/access_log' SSLEngine on SSLCertificateFile '/etc/httpd/conf/server.crt' SSLCertificateKeyFile '/etc/httpd/conf/server.key'  SSLOptions +StdEnvVars   SSLOptions +StdEnvVars  BrowserMatch 'MSIE [2-5]' \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog '/var/log/httpd/ssl_request_log' \ '%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \'%r\' %b'  ================== [[email protected] extra]$ sudo awk '!/^ *#/ && NF' /etc/httpd/conf/extra/httpd-vhosts.conf  ServerAdmin [email protected] DocumentRoot '/etc/httpd/docs/dummy-host.example.com' ServerName dummy-host.example.com ServerAlias www.dummy-host.example.com ErrorLog '/var/log/httpd/dummy-host.example.com-error_log' CustomLog '/var/log/httpd/dummy-host.example.com-access_log' common   ServerAdmin [email protected] DocumentRoot '/etc/httpd/docs/dummy-host2.example.com' ServerName dummy-host2.example.com ErrorLog '/var/log/httpd/dummy-host2.example.com-error_log' CustomLog '/var/log/httpd/dummy-host2.example.com-access_log' common  

Vienkārši, lai problēmu izteiktu skaidrāk, nekā to atļauj angļu valodas gramatika:

Turpmāk mēs esam Apache lietotājs. Mums pieder gandrīz viss. Nav iedomātu ACL rīku. Atļaujas nav plus zīmes.

[[email protected] ~]$ sudo -u http -s [[email protected] alarm]$ cd /srv/http/ [[email protected] ~]$ ls -al total 348 drwxr-xr-x 7 http http 4096 Dec 9 19:40 . drwxr-xr-x 4 root root 4096 Dec 10 2016 .. -rw------- 1 http http 551 Dec 9 19:09 .bash_history drwx------ 3 http http 4096 Nov 27 23:51 .config drwx------ 3 http http 4096 Nov 26 19:39 .cache drwx------ 3 http http 4096 Nov 26 19:39 .local -rwxr-xr-x 1 http http 234673 Dec 9 14:39 PicSub.jpg -rwxr-xr-x 1 http http 318682 Feb 22 2017 PicTop.jpg -rw-r--r-- 1 http root 20 May 29 2017 info.php drwxr-xr-x 15 http http 4096 Nov 26 18:23 piwigo 

Izveidosim direktoriju. Pirms šī piemēra ierakstīšanas es nekad neesmu izveidojis nevienu demodiru.

[[email protected] ~]$ mkdir -v demodir mkdir: created directory 'demodir' 

Pārvietojiet vienu no attēliem apakšdirektorijā, pēc tam izveidojiet četras simlinkus - pa vienam katrā direktorijā un pa vienam augšup un lejup direktoriju līmeņos.

[[email protected] ~]$ mv PicSub.jpg demodir/ [[email protected] ~]$ ln -s demodir/PicSub.jpg linkintoptosub.jpg [[email protected] ~]$ ln -s PicTop.jpg linkintoptotop.jpg [[email protected] ~]$ ln -s PicTop.jpg demodir/linkinsubtotop.jpg [[email protected] ~]$ ln -s demodir/PicSub.jpg demodir/linkinsubtosub.jpg 

REDIĢĒT: Lietotājs http var lasīt un izpildīt demodir.

[[email protected] conf]$ sudo -u http -s [[email protected] conf]$ cd /srv/http/ [[email protected] ~]$ ls -al total 348 drwxr-xr-x 7 http http 4096 Dec 9 19:46 . drwxr-xr-x 4 root root 4096 Dec 10 2016 .. -rw------- 1 http http 1346 Dec 10 01:32 .bash_history drwx------ 3 http http 4096 Nov 26 19:39 .cache drwx------ 3 http http 4096 Nov 27 23:51 .config drwx------ 3 http http 4096 Nov 26 19:39 .local -rwxr-xr-x 1 http http 318682 Feb 22 2017 PicTop.jpg drwxr-xr-x 2 http http 4096 Dec 9 19:47 demodir -rw-r--r-- 1 http root 20 May 29 2017 info.php lrwxrwxrwx 1 http http 18 Dec 9 19:45 linkintoptosub.jpg -> demodir/PicSub.jpg lrwxrwxrwx 1 http http 10 Dec 9 19:46 linkintoptotop.jpg -> PicTop.jpg drwxr-xr-x 15 http http 4096 Nov 26 18:23 piwigo 

Faili darbojas neatkarīgi no to atrašanās vietas. Symlinks darbojas vietnē DocumentRoot neatkarīgi no tā, kur tās ir saistītas. Symlinks 403 apakšdirektorijā neatkarīgi no tā, kur tie ir saistīti.

[[email protected] ~]$ curl -I 192.168.0.100/PicTop.jpg HTTP/1.1 200 OK Date: Sun, 10 Dec 2017 01:00:43 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Last-Modified: Wed, 22 Feb 2017 19:23:20 GMT ETag: '4dcda-549236de59a00' Accept-Ranges: bytes Content-Length: 318682 Content-Type: image/jpeg [[email protected] ~]$ curl -I 192.168.0.100/demodir/PicSub.jpg HTTP/1.1 200 OK Date: Sun, 10 Dec 2017 01:00:48 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Last-Modified: Sat, 09 Dec 2017 19:39:25 GMT ETag: '394b1-55fed756f159d' Accept-Ranges: bytes Content-Length: 234673 Content-Type: image/jpeg [[email protected] ~]$ curl -I 192.168.0.100/linkintoptotop.jpg HTTP/1.1 200 OK Date: Sun, 10 Dec 2017 01:01:52 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Last-Modified: Wed, 22 Feb 2017 19:23:20 GMT ETag: '4dcda-549236de59a00' Accept-Ranges: bytes Content-Length: 318682 Content-Type: image/jpeg [[email protected] ~]$ curl -I 192.168.0.100/linkintoptosub.jpg HTTP/1.1 200 OK Date: Sun, 10 Dec 2017 01:02:27 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Last-Modified: Sat, 09 Dec 2017 19:39:25 GMT ETag: '394b1-55fed756f159d' Accept-Ranges: bytes Content-Length: 234673 Content-Type: image/jpeg [[email protected] ~]$ curl -I 192.168.0.100/demodir/linkinsubtosub.jpg HTTP/1.1 403 Forbidden Date: Sun, 10 Dec 2017 01:03:09 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Vary: accept-language,accept-charset Accept-Ranges: bytes Content-Type: text/html; charset=utf-8 Content-Language: en [[email protected] ~]$ curl -I 192.168.0.100/demodir/linkinsubtotop.jpg HTTP/1.1 403 Forbidden Date: Sun, 10 Dec 2017 01:03:37 GMT Server: Apache/2.4.25 (Unix) PHP/7.1.5 Vary: accept-language,accept-charset Accept-Ranges: bytes Content-Type: text/html; charset=utf-8 Content-Language: en 

Rediģēts, lai sadalītu šos error.log ziņojumus no paslēpšanas zem čokurošanās rezultātiem.

[[email protected] ~]$ tail /var/log/httpd/error_log PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/imagick.so' - /usr/lib/php/modules/imagick.so: cannot open shared object file: No such file or directory in Unknown on line 0 [Sat Dec 09 14:17:35.240202 2017] [mpm_prefork:notice] [pid 8565] AH00163: Apache/2.4.25 (Unix) PHP/7.1.5 configured -- resuming normal operations [Sat Dec 09 14:17:35.300240 2017] [core:notice] [pid 8565] AH00094: Command line: '/usr/bin/httpd -D FOREGROUND' [Sat Dec 09 14:18:42.441258 2017] [mpm_prefork:notice] [pid 8565] AH00170: caught SIGWINCH, shutting down gracefully AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::ba27:ebff:fee9:83f0. Set the 'ServerName' directive globally to suppress this message PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/imagick.so' - /usr/lib/php/modules/imagick.so: cannot open shared object file: No such file or directory in Unknown on line 0 [Sat Dec 09 14:18:46.230867 2017] [mpm_prefork:notice] [pid 8583] AH00163: Apache/2.4.25 (Unix) PHP/7.1.5 configured -- resuming normal operations [Sat Dec 09 14:18:46.231507 2017] [core:notice] [pid 8583] AH00094: Command line: '/usr/bin/httpd -D FOREGROUND' [Sat Dec 09 20:03:09.745189 2017] [core:error] [pid 8587] [client 192.168.0.100:35756] AH00037: Symbolic link not allowed or link target not accessible: /srv/http/demodir/linkinsubtosub.jpg [Sat Dec 09 20:03:37.784041 2017] [core:error] [pid 8588] [client 192.168.0.100:35758] AH00037: Symbolic link not allowed or link target not accessible: /srv/http/demodir/linkinsubtotop.jpg 

Lasītajos piemēros 403 simbola saitēs, ja tās nav atļaujas / šifrējums / ACL problēmas, ir SELinux. SELinux netiek oficiāli atbalstīts Arch, nemaz nerunājot par ALARM. Pacmans to nav uzskaitījis. Neoficiāli tā instalēšana prasa trīs lappuses nežēlīgu uzlaušanu, ko es absolūti neesmu izdarījis. Jebkurā gadījumā tā galvenā diagnostikas komanda nav atpazīta.

[[email protected] ~]$ sestatus -bash: sestatus: command not found 

Lūdzu, kas man pietrūkst?

Ideālā gadījumā tas būtu atzīmēts ar saitēm, bet es esmu jauns un nevaru izveidot tagus.

  • Vērtīgāks ir jūsu Apache saturs .conf failus. Tas var būt zem /etc/httpd/sites.enabled/*.conf vai kā uz Debian sistēmas, zem /etc/apache2/sites.enabled/*.conf.
  • Pārliecinieties arī, vai jūsu tīmekļa serverim ir piekļuve apakšdirektorijam (t.i. demodir jābūt lasāmam apache2, Debianā tas ir www-data, uz RPM balstītām sistēmām tas ir httpd)
  • Kas tiek rakstīts error_log kad iesit vienu no šiem?
  • @ alexis-wilke Pievienoja visu Apache .conf failu saturu un ls, kurā teikts, ka Apache lietotājs var lasīt un izpildīt demodir.
  • 1 Jūs varētu arī iekļaut ls -al /srv/http/demodir tikai, lai pārliecinātos, ka apakšdirektorijā lietotājs un atļaujas ir identiskas tām, kas atrodas augšējā direktorijā.

The ln komandas šeit izskatās nepareizi.

[[email protected] ~]$ mv PicSub.jpg demodir/ [[email protected] ~]$ ln -s demodir/PicSub.jpg linkintoptosub.jpg [[email protected] ~]$ ln -s PicTop.jpg linkintoptotop.jpg [[email protected] ~]$ ln -s PicTop.jpg demodir/linkinsubtotop.jpg [[email protected] ~]$ ln -s demodir/PicSub.jpg demodir/linkinsubtosub.jpg 

Saite uz PicTop.jpg prasa a ../ kad tas izdarīts demodīra iekšienē.

Saite uz PicSub.jpg no iekšienes demodir nedrīkst ietvertdemodir/.

(ok) [[email protected] ~]$ mv PicSub.jpg demodir/ (ok) [[email protected] ~]$ ln -s demodir/PicSub.jpg linkintoptosub.jpg (ok) [[email protected] ~]$ ln -s PicTop.jpg linkintoptotop.jpg (fix) [[email protected] ~]$ ln -s ../PicTop.jpg demodir/linkinsubtotop.jpg (fix) [[email protected] ~]$ ln -s PicSub.jpg demodir/linkinsubtosub.jpg 

To sakot, ls -l parāda Ubuntu man citas krāsas bojātās saites. Varbūt Arch to nedara? Es to vecumu neesmu izmantojis. Viens veids, kā pārbaudīt, vai programmatūras saite ir derīga, ir izmantot komandu, piemēram, test -f vai stat . Tas atgriezīs kļūdu, ja saite nenorādīs uz pareizo vietu.

Lai atjaunotu programmatūras saiti, vispirms noņemiet esošo.

[[email protected] ~]$ rm demodir/linkinsubtotop.jpg [[email protected] ~]$ ln -s ../PicTop.jpg demodir/linkinsubtotop.jpg 
  • 1 Jā, tur jums iet - problēma nav Apache, bet gan ar to, kā es ln lietoju problēmu novēršanas laikā. Pēc tam, kad httpd.conf nebija pielāgots, pēc tam mācījos un skrēju, kā arī meklēju strace žurnālus, es parādīju, ka problēma nav saistīta ar symlink mērķa atļaujām, un atklāju, ka ln nedarbojas tā, kā es domāju, veidojot relatīvas saites apakšdirektorijos. Es domāju, ka tā zina, kā ievietot punktus. Lai sagādātu papildu prieku, neviens Arch's neizšķir labu no sliktajām saitēm, bet lietotāja http vienalga nebija ieslēgta gala krāsošana.

strādāja par jums: Charles Robertson | Vēlies ar mums sazināties?

noderīga informācija