Serving webpages using symlinks

Discussion in 'macOS' started by josefilipe, Aug 31, 2006.

Most Liked Posts
  1. josefilipe, Aug 31, 2006

    josefilipe macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #1
    I have a small collection of pictures that I want to share with some friends. I've modified httpd.conf so that apache doesn't use the '~username' part and only serves webpages from '/Library/WebServer/Documents'.

    The pictures amount to 300MB and I don't want to make a copy to the root directory of the webserver, so that I can grow my collection while maximizing the available disk space.

    The pictures folder is located at ~/Documents/pictures/ and I want my url to become http://url.com/pictures

    What do I need to do in the httpd.conf file so that I can use symlinks to point to the pictures folder? Do I need to mess with permissions?
     
    share
    + Quote Reply
  2. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #2
    Yes, you do need to make sure that the pictures are readable by others, and you'll want FollowSymLinks on the Options line of your <Directory> entry.
     
    share
    + Quote Reply
  3. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #3
    This is my <Directory> entry:

    Code:
    <Directory "/path/to/original/pictures">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
    The folder pictures and everything inside it is 'Others: read only'. I've created an alias inside '/Library/WebServer/Documents' to the picture folder using ALT+CMD keys and it appears when I go to the root of the server. Still, I get this error when I click the pictures link: 'The requested URL /babes/ was not found on this server.'
     
    share
    + Quote Reply
  4. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #4
    Hmph. Do you also have FollowSymLinks enabled on your DocumentRoot directory?
     
    share
    + Quote Reply
  5. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #5
    These are the defaults that came with httpd.conf:

    Code:
    <Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/Library/WebServer/Documents">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
     
    share
    + Quote Reply
  6. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #6
    Okay, it just dawned on me that this is the problem:

    That doesn't create a symlink, it creates an alias file. Just to add to the confusion, if you create a symlink in Terminal, it looks just like an alias in the Finder.

    Trash that alias, and instead create it from Terminal:

    Code:
    cd  /Library/WebServer/Documents
ln -s /path/to/the/real/mypics mypics
     
    share
    + Quote Reply
  7. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #7
    The symlink works, but now I get a different error:

    'You don't have permission to access /pictures/ on this server.' :confused:
     
    share
    + Quote Reply
  8. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #8
    That's good, it means we are getting closer.

    The next thing to do is start up Console in your Utilities folder, and drill down in the drawer to the /var/log section, then httpd, and look at error_log.

    Scroll down to the bottom and check out the messages. See if there is an error like:

    If that is the message, that means that one of the directories in the path to your (real) pictures folder needs read+execute permissions for "others" added (I think Apache may be happy with just execute).

    ----

    On a related note, that <Directory> entry that you added -- the path is that of the symlink you created, right?
     
    share
    + Quote Reply
  9. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #9
    That's the error that appears in error_log:

    Code:
    Permission denied: access to /pictures failed because search permissions are missing on a component of the path
    How do I set the necessary permissions to the entire folder, subfolders and pictures?
     
    share
    + Quote Reply
  10. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #10
    Okay, let's say for example that your pictures are located at /Users/imeowbot/stuff/Pictures

    In Terminal, cd /Users/imeowbot/stuff and then ls -ld Pictures

    You may see something like:
    Code:
    drwx------   imeowbot imeowbot 72   2448 Aug 30 06:21 Pictures
    That --- and the end of the left column will interfere with Apache, fix it with chmod o+x Pictures so that the ls command returns:

    Code:
    drwx-----x   imeowbot imeowbot 72   2448 Aug 30 06:21 Pictures
    Then step up the tree with cd .. and use the same ls command on the stuff directory, checking again for that x, and again using chmod to open it up if needed.

    You can try reloading the page in your browser at each step to see if the error is cleared.

    As you can guess, this will let any other users on your Mac see the contents of those folders. Apache is one of those other users who needs to see.
     
    share
    + Quote Reply
  11. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #11
    After changing the permissions everything is now working perfectly.

    Thank you for the very thorough help and troubleshooting. :)
     
    share
    + Quote Reply
  12. josefilipe, Aug 31, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #12
    BTW, do you know any tips on securing Apache on Mac OS X 10.4.7?
     
    share
    + Quote Reply
  13. iMeowbot, Aug 31, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #13
    The Apache that comes with OS X client is really pretty secure out of the box, the add-on modules that usually get exploited (PHP and so on) aren't enabled unless you go in and add them by hand.

    Just in case, it's a good idea to assume that the whole world can look your whole filesystem. Make sure that any files and directories you don't want the whole world to see are not world readable (and especially not writable by the world or the www user). Really, Apache does a good job of restricting access, this is only to defend against undiscovered bugs.

    As we saw here, it usually takes some effort to let Apache serve files outside its own folder.
     
    share
    + Quote Reply
  14. josefilipe, Sep 1, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #14
    Besides the <Document> root entry, do I need to add an entry to the pictures folder? Something like this:

    Code:
    <Directory "/path/to/original/pictures">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
     
    share
    + Quote Reply
  15. iMeowbot, Sep 1, 2006

    iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #15
    It's up to you. The options will be inherited unless you want different ones for that particular directory.
     
    share
    + Quote Reply
  16. josefilipe, Sep 1, 2006

    josefilipe thread starter macrumors member

    Joined:
    Jun 24, 2004
    Location:
    Portugal
    #16
    Once again thank you for all the help.
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page