Symbolic link and Apache directory listing

This post explains how to use a symbolic link as the document root for the Apache web server. By default, symbolic links are not enabled, and an error message is displayed instead of the requested page. In a few steps (and config files), Apache on Fedora Core 20 can be configured to allow symbolic links and display a directory listing.

After a fresh Fedora 20 installation and placing a symbolic link at the document root, the following error message is displayed in the browser:

Symbolic link not allowed or link target not accessible: /var/www/html

The first step is to make sure that the “FollowSymLinks” option is set in the Apache configuration file. Open /etc/httpd/conf/httpd.conf and check that the “FollowSymLinks” option is present in the “Directory” section:

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

After httpd.conf is saved, restart the Apache web server with the systemctl command:

# systemctl restart httpd.service

In my case, the symbolic link was pointing to the home directory. Directory permissions (file-system level) should allow reading from this folder. Since the Apache web server is configured on my PC (and I am the only user), adding read permissions on my home dir is not considered a potential security hole. In any other case, this step should be taken with great caution, because mode 755 lets every local account list and enter the directory, not only Apache. Directory permissions are set with the chmod command:

$ chmod 755 /home/dbunic

After read permissions were set for the /home/dbunic directory, the next problem was with SELinux (Security-Enhanced Linux). Here is the error message describing the problem (the popup with the error was shown on my GNOME desktop):

SELinux is preventing /usr/sbin/httpd from search access on the directory.

This popup also presented suggestions on how to resolve the problem (setsebool commands were listed). The trick was to enable home dirs for Apache and allow reading user content (both commands should be executed as the root user):

# setsebool -P httpd_enable_homedirs 1

# setsebool -P httpd_read_user_content 1

At this point, Apache starts to display content from the user directory. If the directory doesn’t have index.html or index.php, the Welcome page will be displayed. With the default Apache configuration, all errors are written to the error_log file. Here is the error message from /var/log/httpd/error_log:

Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive.

To enable directory listing, the “Indexes” option should be set. Open httpd.conf and set the “Indexes” option in the Directory section. It’s very likely that Apache will still not display directory content after this modification, which suggests that the “Indexes” option is disabled somewhere else in the Apache configuration. During start-up, the server reads httpd.conf and all *.conf files from the /etc/httpd/conf.d/ directory. In the conf.d directory, pay attention to the welcome.conf configuration file: it explicitly turns off directory listing with the “-Indexes” option. The cleanest way to turn on directory listing is to rename the welcome.conf file (don’t forget to restart Apache):

# cd /etc/httpd/conf.d

# mv welcome.conf welcome.conf.off

After applying all these steps, Apache should display content from symbolically linked directories.
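
The file-permission, SELinux and “-Indexes” checks from the steps above can be collected into one audit script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes GNU readlink and stat as shipped on Fedora:

```shell
#!/bin/sh
# Added example (not from the original post): audit the conditions described above.
# Function names are hypothetical; relies on GNU readlink/stat.

# Print each directory on the resolved path that lacks search (o+x) permission
# for "other" users, which is how httpd reaches a home directory it does not own.
check_traverse() {
    ct_dir=$(readlink -f -- "$1") || return 2
    [ -d "$ct_dir" ] || ct_dir=$(dirname -- "$ct_dir")
    ct_rc=0
    while :; do
        ct_mode=$(stat -c '%a' -- "$ct_dir") || return 2
        case "$ct_mode" in
            *[1357]) ;;   # last octal digit carries the x bit for "other"
            *) echo "no o+x: $ct_dir (mode $ct_mode)"; ct_rc=1 ;;
        esac
        [ "$ct_dir" = "/" ] && break
        ct_dir=$(dirname -- "$ct_dir")
    done
    return "$ct_rc"
}

# List *.conf files in a directory that contain an "Options ... -Indexes" line,
# the kind of override the post traced to welcome.conf.
find_indexes_off() {
    grep -liE '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"/*.conf 2>/dev/null
}

# usage: sh audit.sh /var/www/html /etc/httpd/conf.d
audit() {
    check_traverse "$1" && echo "every directory on the path is searchable"
    if command -v getsebool >/dev/null 2>&1; then
        for b in httpd_enable_homedirs httpd_read_user_content; do
            getsebool "$b"
        done
    fi
    find_indexes_off "$2" || echo "no -Indexes override in $2"
}

# Run the audit only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || audit "$@"
```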
