The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 Apache SSL Bug?
Author: el_kab0ng 
Date:   18-01-02 01:11

So I decided to upgrade my apache server to the Apache 1.3.22 + mod_ssl the other day.

All was fine until I tried to reinstate the ~/user web space. It appears as though you cannot specifically assign /usr/home/*/public_html as a valid directory for Apache to read. It tries to follow the symbolic link from /usr/home to /home which in turn breaks the user space. The only way I have found to fix this is to FollowSymLinks in my Options for Directory /

This seems like a VERY insecure way to run a webserver, and might be considered a bug. Has anyone else experienced this sort of nonsense?

To show you guys what sorts of configs I've tried:

Tried:
<Directory /home/*/public_html>
AllowOverride AuthConfig
Options FollowSymLinks
</Directory>

Got:
[Thu Jan 17 15:54:26 2002] [error] [client 192.168.1.1] Symbolic link not allowed: /home/

Tried:
Moving the same Directory container within the SSL VirtualHost.

Got: Same Error

Tried:
<Directory /usr/home/*/public_html>
AllowOverride AuthConfig
Options FollowSymLinks
</Directory>

Got:
Same Error

Talk about ANNOYING!!!

 Re: Apache SSL Bug?
Author: Anaconda 
Date:   18-01-02 01:26

I'm no expert, but I am running Apache+PHP+SSL+mySQL (just for training reasons)... but I'd try:

<Directory ~/public_html>

Let me know if that works :)

 Re: Apache SSL Bug?
Author: el_kab0ng 
Date:   18-01-02 01:38

Instead of <Directory /home/*/public_html> ?

 Re: Apache SSL Bug?
Author: el_kab0ng 
Date:   18-01-02 01:40

Anyway, it didn't work... same error...=[

 Re: Apache SSL Bug?
Author: Anaconda 
Date:   18-01-02 01:43

Ahh... well I'm not sure then :(

I know the $HOME/bla won't work in apache... I'm still new at all this (about 4 months new).

Chris

 Re: Apache SSL Bug?
Author: el_kab0ng 
Date:   18-01-02 01:59

heh... some consider me an expert at apache... and normally I am on plain vanilla servers, but this SSL stuff throws me for a loop sometimes...

 Re: Apache SSL Bug?
Author: Dan Langille 
Date:   18-01-02 02:55

In my httpd.conf I find this. Why didn't you use that?

#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>

 Re: Apache SSL Bug?
Author: el_kab0ng 
Date:   18-01-02 03:20

it is enabled. just like that, actually.. I just wanted to fine tune the controls a bit...

it appears to be a symlink issue within Apache, or a bug... =/

 Re: Apache SSL Bug?
Author: aaron 
Date:   19-01-02 07:45

Hi

el_kab0ng, change the "public_html" in the below to the name of the folder you want ~ to default to in each user directory.

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>


Best Regards

Aaron

 Re: Apache SSL Bug?
Author: el_kab0ng 
Date:   21-01-02 16:31

it's already set up that way.

I'm seriously considering posting to BugTraq that this apparent "bug" exists. I've tried dealing with the mod_ssl lists, and they seem to have ignored the question.. or didn't understand at all.

We shall see what sort of audience I can gather on this...

 Re: Apache SSL Bug?
Author: lmb 
Date:   24-06-05 07:14

Might it be that you have "SymLinksIfOwnerMatch" enabled in your httpd.conf for the userdirs?

IMO this is a good practice, and should be used, but since your users' homedirs in the passwd file are /home/username, and /home is a symlink to /usr/home, which are not owned by the correct uid, it won't work.

Just set your users homedir to /usr/home/username and the problem is solved.

 Re: Apache SSL Bug?
Author: lmb 
Date:   24-06-05 09:16

I take it you have "SymLinksIfOwnerMatch" enabled on your userdirs.

Your users have /home/username as their homedir in the passwd file.

/home is a symbolic link to /usr/home, but "the owner doesn't match".

It's as simple as that.

Change your users homedir to /usr/home/username using chsh or something, and you are set to go.
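
A way to check the symlink and ownership question raised in this thread on your own box. This is an added example, not part of the original posts and not Apache code: it lists every symlink on the way to a userdir, shows the owner of the link and of its target, and says what FollowSymLinks, SymLinksIfOwnerMatch or neither would do with it. The verdict() rule is a simplified model of the documented behaviour of those Options; the user "alice" and the temporary tree are constructed sample data.

```python
import os
import stat
import sys
import tempfile

def symlink_components(path):
    """List every component of an absolute path that is a symbolic link."""
    found, current = [], os.sep
    for part in filter(None, path.split(os.sep)):
        current = os.path.join(current, part)
        link = os.lstat(current)              # the link itself
        if stat.S_ISLNK(link.st_mode):
            target = os.stat(current)         # what the link points at
            found.append({"path": current,
                          "points_to": os.path.realpath(current),
                          "link_uid": link.st_uid,
                          "target_uid": target.st_uid})
    return found

def verdict(options, link_uid, target_uid):
    """Outcome for one symlink under the Options in effect where it is met."""
    opts = {o.lower() for o in options}
    if "followsymlinks" in opts:
        return "followed"
    if "symlinksifownermatch" in opts and link_uid == target_uid:
        return "followed"
    return "Symbolic link not allowed"

def build_demo_tree():
    """Constructed sample layout: <tmp>/home -> usr/home, as in the thread."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "usr", "home", "alice", "public_html"))
    os.symlink(os.path.join("usr", "home"), os.path.join(root, "home"))
    return os.path.join(root, "home", "alice", "public_html")

def report(path):
    lines = []
    for rec in symlink_components(path):
        for opts in (["FollowSymLinks"], ["SymLinksIfOwnerMatch"], []):
            lines.append("%s -> %s  uid %d/%d  Options %s: %s" % (
                rec["path"], rec["points_to"], rec["link_uid"],
                rec["target_uid"], " ".join(opts) or "(neither)",
                verdict(opts, rec["link_uid"], rec["target_uid"])))
    return lines

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    print("\n".join(report(os.path.abspath(target))))
```

Run it with a real userdir path as the argument (for example /home/username/public_html) to see which component is the symlink and whether the two uids agree.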


