Apache 2.4 returns 403/Forbidden on symlinks after Ubuntu upgrade

I just upgraded my dev workstation from Kubuntu 18.04 to Kubuntu 22.04.2 LTS.

For context, I keep /home on a separate disk from /. The previous / is still kept at /mnt/sdc5.

Kubuntu 18.04 was running:

$ /mnt/sdc5/usr/sbin/apache2 -v
Server version: Apache/2.4.56 (Ubuntu)
Server built:   2023-03-09T07:33:5

While 22.04 is running:

$ apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built:   2023-03-08T17:32:01

(Yes, as of last weekend, Bionic apparently had a newer apache2 than Jammy.)

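I have copied all of the apache/ssl configs over from /mnt/sdc5, and copied all of the web roots (I have several vhosts set up) from /mnt/sdc5/var/www/ to their functional location in /var/www/. As in the previous environment, the symlinks under /var/www/*/ cross physical disks, from sda5 to my ~ (sdb5), /home/dracos/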

I have chowned almost everything in /var/www/* to dracos:www-data and put myself in the www-data group:

$ groups dracos
dracos : dracos adm cdrom sudo dip www-data plugdev lpadmin lxd sambashare

Apache runs fine, except that browsing to any symlink returns a 403 error (i.e. http://ref.harad/knotwork):

[Wed Mar 29 17:54:02.090919 2023] [core:error] [pid 439254] [client 192.168.0.21:51496] AH00037: Symbolic link not allowed or link target not accessible: /var/www/ref/htdocs/knotwork

In this case, htdocs is a directory and knotwork is a symlink:

$ ll /var/www/ref/htdocs/|grep knotwork
lrwxrwxrwx 1 dracos www-data 30 Jun 18 2021 knotwork -> /home/dracos/graphics/knotwork

Its full path is as follows:

$ stat /var/
  File: /var/
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 805h/2053d      Inode: 2883585     Links: 15
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-29 11:03:25.026834422 -0600
Modify: 2023-03-27 22:03:04.511844496 -0600
Change: 2023-03-27 22:03:04.511844496 -0600
 Birth: 2023-03-25 22:09:41.157329268 -0600

$ stat /var/www/
  File: /var/www/
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 805h/2053d      Inode: 3277054     Links: 24
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-29 15:47:21.907537823 -0600
Modify: 2023-03-29 15:46:51.232613614 -0600
Change: 2023-03-29 15:46:51.232613614 -0600
 Birth: 2023-03-27 22:03:04.511844496 -0600

$ stat /var/www/ref
  File: /var/www/ref
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 805h/2053d      Inode: 3285520     Links: 6
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-29 15:47:22.487517480 -0600
Modify: 2021-05-01 11:12:49.857126723 -0600
Change: 2023-03-29 15:47:09.575970401 -0600
 Birth: 2023-03-29 15:46:51.232613614 -0600

$ stat /var/www/ref/htdocs
  File: /var/www/ref/htdocs
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 805h/2053d      Inode: 3287655     Links: 41
Access: (0775/drwxrwxr-x)  Uid: ( 1000/  dracos)   Gid: (   33/www-data)
Access: 2023-03-29 17:54:02.380602649 -0600
Modify: 2023-01-13 15:20:42.794065309 -0700
Change: 2023-03-29 17:53:56.380789344 -0600
 Birth: 2023-03-29 15:46:51.724596365 -0600

$ stat /var/www/ref/htdocs/knotwork
  File: /var/www/ref/htdocs/knotwork -> /home/dracos/graphics/knotwork
  Size: 30              Blocks: 0          IO Block: 4096   symbolic link
Device: 805h/2053d      Inode: 3287656     Links: 1
Access: (0777/lrwxrwxrwx)  Uid: ( 1000/  dracos)   Gid: (   33/www-data)
Access: 2023-03-29 17:54:02.084611865 -0600
Modify: 2021-06-18 16:02:41.686238932 -0600
Change: 2023-03-29 17:53:56.308791583 -0600
 Birth: 2023-03-29 15:46:51.724596365 -0600

apache2.conf

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

The full config for this vhost is as follows (001-ref.conf):

<VirtualHost ref.harad:80>
    ServerName ref.harad
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/ref/htdocs
    <Directory />
        Options FollowSymLinks Includes
        AllowOverride None
    </Directory>
    <Directory /var/www/ref/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        #Order allow,deny
        #allow from all
        Require all granted
    </Directory>
    <Directory /var/www/ref/htdocs/_flyspray/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        #Order allow,deny
        #allow from all
        Require all granted
    </Directory>

    ErrorLog /var/log/apache2/error_ref.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access_ref.log combined
</VirtualHost>

In this file, I commented out the Order/allow lines and used the Require lines below them instead, which made no difference.

There are no configuration errors:

$ apachectl configtest
Syntax OK

Apache is running:

$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-03-29 17:44:29 MDT; 49min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 439245 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 439250 (/usr/sbin/apach)
      Tasks: 7 (limit: 38327)
     Memory: 42.0M
        CPU: 917ms
     CGroup: /system.slice/apache2.service
             ├─439250 /usr/sbin/apache2 -k start
             ├─439251 /usr/sbin/apache2 -k start
             ├─439252 /usr/sbin/apache2 -k start
             ├─439253 /usr/sbin/apache2 -k start
             ├─439254 /usr/sbin/apache2 -k start
             ├─439255 /usr/sbin/apache2 -k start
             └─439896 /usr/sbin/apache2 -k start

Mar 29 17:44:29 harad systemd[1]: Starting The Apache HTTP Server...
Mar 29 17:44:29 harad systemd[1]: Started The Apache HTTP Server.

Permissions on /home leading to knotwork:

$ stat /home
  File: /home
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 812h/2066d      Inode: 2           Links: 8
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-29 10:33:09.874123424 -0600
Modify: 2023-03-25 22:13:38.754784783 -0600
Change: 2023-03-25 22:13:38.754784783 -0600
 Birth: 2019-03-03 08:52:01.000000000 -0700

$ stat /home/dracos
  File: /home/dracos
  Size: 24576           Blocks: 48         IO Block: 4096   directory
Device: 812h/2066d      Inode: 103153665   Links: 116
Access: (0750/drwxr-x---)  Uid: ( 1000/  dracos)   Gid: ( 1000/  dracos)
Access: 2023-03-29 11:03:19.023044685 -0600
Modify: 2023-03-29 11:03:17.423100718 -0600
Change: 2023-03-29 11:03:17.423100718 -0600
 Birth: 2023-03-25 22:13:38.750781079 -0600

$ stat /home/dracos/graphics
  File: /home/dracos/graphics
  Size: 36864           Blocks: 72         IO Block: 4096   directory
Device: 812h/2066d      Inode: 94372596    Links: 16
Access: (0755/drwxr-xr-x)  Uid: ( 1000/  dracos)   Gid: ( 1000/  dracos)
Access: 2023-03-29 15:48:58.536144219 -0600
Modify: 2023-02-25 15:55:31.878748109 -0700
Change: 2023-03-26 02:15:19.817837898 -0600
 Birth: 2019-03-03 17:58:31.009967662 -0700

$ stat /home/dracos/graphics/knotwork
  File: /home/dracos/graphics/knotwork
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 812h/2066d      Inode: 124257516   Links: 2
Access: (0775/drwxrwxr-x)  Uid: ( 1000/  dracos)   Gid: ( 1000/  dracos)
Access: 2023-03-29 10:32:38.795209595 -0600
Modify: 2022-04-09 19:03:00.488673788 -0600
Change: 2023-03-10 20:49:52.217436682 -0700
 Birth: 2021-01-17 12:55:57.612873620 -0700

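I have spent more than 3 hours trying to figure this out. The config is clean. The permissions are the same as before. I don't understand why I can't browse symlinks. Once I solve this, all of my other vhosts (which all have symlinks) will work again.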

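In the past, I have solved this problem myself many times. After reading more than two dozen posts looking for an answer, what obscure detail am I overlooking?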

Answer 1

Solved:

The solution was right there in the question:

$ stat /home/dracos
  File: /home/dracos
  Size: 24576           Blocks: 48         IO Block: 4096   directory
Device: 812h/2066d      Inode: 103153665   Links: 116
Access: (0750/drwxr-x---)  Uid: ( 1000/  dracos)   Gid: ( 1000/  dracos)
Access: 2023-03-29 11:03:19.023044685 -0600
Modify: 2023-03-29 11:03:17.423100718 -0600
Change: 2023-03-29 11:03:17.423100718 -0600
 Birth: 2023-03-25 22:13:38.750781079 -0600

/home/dracos was set to permissions 750. The fix was:

$ chmod o+rx /home/dracos

Which results in:

$ stat /home/dracos
  File: /home/dracos
  Size: 24576           Blocks: 48         IO Block: 4096   directory
Device: 812h/2066d      Inode: 103153665   Links: 116
Access: (0755/drwxr-xr-x)  Uid: ( 1000/  dracos)   Gid: ( 1000/  dracos)
Access: 2023-03-30 11:24:15.992545084 -0600
Modify: 2023-03-30 11:24:12.112622510 -0600
Change: 2023-03-30 12:47:43.904426309 -0600
 Birth: 2023-03-25 22:13:38.750781079 -0600

On closer inspection, I finally noticed this in /home/:

$ ll /home/
total 96K
drwxr-xr-x   8 root   root   4.0K Mar 25 22:13 .
drwxr-xr-x  20 root   root   4.0K Mar 25 22:11 ..
drwx------   4 dracos dracos 4.0K Mar 27 12:54 bak_18.4
drwxr-x--- 116 dracos dracos  24K Mar 30 11:24 dracos
drwxr-xr-x  77 dracos dracos  32K Mar 27 18:02 dracos_18.04
drwxr-xr-x   7   1001   1001 4.0K Mar  4  2019 git
drwx------   2 root   root    16K Mar  3  2019 lost+found
drwxr-xr-x  25 root   root   4.0K Mar 10 20:12 root_18.4

where /home/dracos_18.04 is the previous install's ~, renamed before running the 22.04 installer from the live boot disk.
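
Added example, not part of the original question or answer: a shell helper that walks the resolved target of a symlink and names the first directory whose mode bits deny search (x) permission to a given uid and gid set, which is the condition behind the AH00037 error here. It assumes GNU stat and readlink, and the function names can_search and first_blocked are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. Mode bits only: ACLs, AppArmor
# and SELinux are not consulted. Assumes GNU stat and readlink.

# can_search MODE OWNER_UID OWNER_GID UID [GID...]
# Exactly one permission class applies: owner, else group, else other.
can_search() {
    cs_mode=$1 cs_ouid=$2 cs_ogid=$3 cs_uid=$4
    shift 4
    cs_bits=$((cs_mode % 10))                       # other class
    for cs_gid in "$@"; do
        if [ "$cs_gid" = "$cs_ogid" ]; then cs_bits=$((cs_mode / 10 % 10)); fi
    done
    if [ "$cs_uid" = "$cs_ouid" ]; then cs_bits=$((cs_mode / 100 % 10)); fi
    [ $((cs_bits & 1)) -eq 1 ]                      # x bit = search permission
}

# first_blocked LINK START UID [GID...]
# START is an ancestor already known to be reachable ("/" checks everything).
# Prints the first directory that denies search and returns 1; 0 if none.
first_blocked() {
    fb_target=$(readlink -f "$1") || return 2
    fb_path=${2%/} fb_uid=$3
    shift 3
    fb_gids=$*
    case $fb_target/ in
        "$fb_path"/*) ;;
        *) fb_path= ;;                              # not under START: check from /
    esac
    fb_rest=${fb_target#"$fb_path"}
    fb_rest=${fb_rest#/}
    while [ -n "$fb_rest" ]; do
        fb_path=$fb_path/${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
        [ -d "$fb_path" ] || continue
        set -- $(stat -c '%a %u %g' "$fb_path")     # three numeric fields
        if ! can_search "$1" "$2" "$3" "$fb_uid" $fb_gids; then
            printf '%s\n' "$fb_path"
            return 1
        fi
    done
    return 0
}

# The page's case, run as a user who can stat every component:
# first_blocked /var/www/ref/htdocs/knotwork / "$(id -u www-data)" $(id -G www-data)
```

On /home/dracos only search (x) permission is needed for traversal, so `chmod o+x`, or an ACL entry granting x to the web server account alone, is narrower than `o+rx`, which also lets every local account list the directory.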
