Serving webpages using symlinks

Discussion in 'macOS' started by josefilipe, Aug 31, 2006.

  1. josefilipe macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #1
    I have a small collection of pictures that I want to share with some friends. I've modified httpd.conf so that apache doesn't use the '~username' part and only serves webpages from '/Library/WebServer/Documents'.

    The pictures amount to 300MB and I don't want to make a copy to the root directory of the webserver, so that I can grow my collection while maximizing the available disk space.

    The pictures folder is located at ~/Documents/pictures/ and I want my url to become http://url.com/pictures

    What do I need to do in the httpd.conf file so that I can use symlinks to point to the pictures folder? Do I need to mess with permissions?
     
  2. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #2
    Yes, you do need to make sure that the pictures are readable by others, and you'll want FollowSymLinks on the Options line of your <Directory> entry.
     
  3. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #3
    This is my <Directory> entry:

    Code:
    <Directory "/path/to/original/pictures">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    The folder pictures and everything inside it is 'Others: read only'. I've created an alias inside '/Library/WebServer/Documents' to the picture folder using ALT+CMD keys and it appears when I go to the root of the server. Still, I get this error when I click the pictures link: 'The requested URL /babes/ was not found on this server.'
     
  4. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #4
    Hmph. Do you also have FollowSymLinks enabled on your DocumentRoot directory?
     
  5. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #5
    These are the defaults that came with httpd.conf:

    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    
    <Directory "/Library/WebServer/Documents">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
     
  6. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #6
    Okay, it just dawned on me that this is the problem:

    That doesn't create a symlink, it creates an alias file. Just to add to the confusion, if you create a symlink in Terminal, it looks just like an alias in the Finder.

    Trash that alias, and instead create it from Terminal:

    Code:
    cd  /Library/WebServer/Documents
    ln -s /path/to/the/real/mypics mypics
    
     
  7. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #7
    The symlink works, but now I get a different error:

    'You don't have permission to access /pictures/ on this server.' :confused:
     
  8. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #8
    That's good, it means we are getting closer.

    The next thing to do is start up Console in your Utilities folder, and drill down in the drawer to the /var/log section, then httpd, and look at error_log.

    Scroll down to the bottom and check out the messages. See if there is an error like:

    If that is the message, that means that one of the directories in the path to your (real) pictures folder needs read+execute permissions for "others" added (I think Apache may be happy with just execute).

    ----

    On a related note, that <Directory> entry that you added -- the path is that of the symlink you created, right?
     
  9. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #9
    That's the error that appears in error_log:

    Code:
    Permission denied: access to /pictures failed because search permissions are missing on a component of the path
    How do I set the necessary permissions to the entire folder, subfolders and pictures?
     
  10. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #10
    Okay, let's say for example that your pictures are located at /Users/imeowbot/stuff/Pictures

    In Terminal, cd /Users/imeowbot/stuff and then ls -ld Pictures

    You may see something like:
    Code:
    drwx------   imeowbot imeowbot 72   2448 Aug 30 06:21 Pictures
    
    That --- and the end of the left column will interfere with Apache, fix it with chmod o+x Pictures so that the ls command returns:

    Code:
    drwx-----x   imeowbot imeowbot 72   2448 Aug 30 06:21 Pictures
    
    Then step up the tree with cd .. and use the same ls command on the stuff directory, checking again for that x, and again using chmod to open it up if needed.

    You can try reloading the page in your browser at each step to see if the error is cleared.

    As you can guess, this will let any other users on your Mac see the contents of those folders. Apache is one of those other users who needs to see.
     
  11. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #11
    After changing the permissions everything is now working perfectly.

    Thank you for the very thorough help and troubleshooting. :)
     
  12. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #12
    BTW, do you know any tips on securing Apache on Mac OS X 10.4.7?
     
  13. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #13
    The Apache that comes with OS X client is really pretty secure out of the box, the add-on modules that usually get exploited (PHP and so on) aren't enabled unless you go in and add them by hand.

    Just in case, it's a good idea to assume that the whole world can look your whole filesystem. Make sure that any files and directories you don't want the whole world to see are not world readable (and especially not writable by the world or the www user). Really, Apache does a good job of restricting access, this is only to defend against undiscovered bugs.

    As we saw here, it usually takes some effort to let Apache serve files outside its own folder.
     
  14. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #14
    Besides the <Document> root entry, do I need to add an entry to the pictures folder? Something like this:

    Code:
    <Directory "/path/to/original/pictures">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
     
  15. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #15
    It's up to you. The options will be inherited unless you want different ones for that particular directory.
     
  16. josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal

Share This Page