Project

General

Profile

Forums » Support »

Symbolic Links to Another Mounted Volume / 403 - Forbidden

Added by michalc over 13 years ago

Hi,

I'm trying to serve static files, but in a directory on another volume. However, whenever I try to view a file in the directory, I get a 403 - Forbidden. What I've tried:

- Symbolic links on the same volume work fine, both inside and outside of the document root. So server.follow-symlink = "enable" I think is set fine.
- I've checked permissions on the file and directory in question, and it's all world-readable
- I've tried server.network-backend = "linux-sendfile" and server.network-backend = "writev" to see if there is any difference. There isn't.
- I've enabled debug.log-request-handling, and it just says "access denied" when it gets to the point where it accesses the file.

My setup:

Linux: 2.6.35.11-83.9.amzn1.i686 (on Amazon AWS EC2)
Lighttpd: 1.4.28
Config: http://paste.lighttpd.net/1638

Can anyone help?

Michal.


Replies (3)

RE: Symbolic Links to Another Mounted Volume / 403 - Forbidden - Added by spaam over 13 years ago

check if you have SELinux active and disable that

RE: Symbolic Links to Another Mounted Volume / 403 - Forbidden - Added by michalc over 13 years ago

Hi,

Thanks for your reply. I have followed the instructions http://www.crypt.gen.nz/selinux/disable_selinux.html to fully disable SELinux, and I have. For reference, I edited /boot/grub/grub.conf and added selinux=0 . Now if I run "sestatus", and it reports it is disabled.

However, the symbolic links still do not work. Any other suggestions?

EDIT: I have also now tried viewing files, and the contents of files, via the symlinked directory from the command line as the lighttpd user, just in case there are any permissions issues, and that works fine.

Michal.

RE: Symbolic Links to Another Mounted Volume / 403 - Forbidden - Added by michalc over 13 years ago

Solved: I feel mildly foolish, but it was a permissions issue on the parent directories: they needed +x on them. The fact that the ones that didn't work were on a different filesystem was just a coincidence.

    (1-3/3)