Apache odd permission behavior in Ubuntu 14.04

Short version:

Apache deny access to file at /opt/adminer, but works as expected if the file served is at /usr/share/adminer/adminer.

Longer version:

The package adminer installs this apache configuration file:

#Apache configuration
Alias /adminer /usr/share/adminer/adminer
<Directory /usr/share/adminer/adminer> Options FollowSymLinks DirectoryIndex index.php <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule>
</Directory>

But the adminer version provided in Ubuntu 14.04 is somewhat old, and I decided to download the current version.

I put the adminer.php (renamed to index.php) file at /opt/adminer, and changed the relevant paths in the previous configuration file accordingly.

Alias /adminer /opt/adminer
#Alias /adminer /usr/share/adminer/adminer
<Directory /opt/adminer>
#<Directory /usr/share/adminer/adminer> Options FollowSymLinks DirectoryIndex index.php <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule>
</Directory>

But this don't work. When I use a browser to access the adminer web app, I see this:

Forbidden

You don't have permission to access /adminer/ on this server.

In the log file:

[Thu Dec 10 18:08:15.425548 2015] [authz_core:debug] [pid 31647] mod_authz_core.c(802): [client 10.0.2.2:49992] AH01626: authorization result of Require all denied: denied

[Thu Dec 10 18:08:15.425671 2015] [authz_core:debug] [pid 31647] mod_authz_core.c(802): [client 10.0.2.2:49992] AH01626: authorization result of : denied

[Thu Dec 10 18:08:15.425691 2015] [authz_core:error] [pid 31647] [client 10.0.2.2:49992] AH01630: client denied by server configuration: /opt/adminer/

But if I copy the index.php file from /opt/adminer to /usr/share/adminer/adminer, and change the configuration file accordingly, it works flawlessly.

More info:

vagrant@vagrant-ubuntu-trusty-64:~$ ll /opt/adminer/
total 416
drwxr-xr-x 2 root root 4096 Dez 7 23:01 ./
drwxr-xr-x 3 root root 4096 Dez 7 22:10 ../
-rw-r--r-- 1 root root 415388 Nov 15 18:50 index.php
vagrant@vagrant-ubuntu-trusty-64:~$ ll /usr/share/adminer/adminer/
total 416
drwxr-xr-x 2 root root 4096 Dez 10 17:29 ./
drwxr-xr-x 3 root root 4096 Dez 10 17:29 ../
-rw-r--r-- 1 root root 415388 Dez 10 17:29 index.php
5

2 Answers

I found the problem..

At /etc/apache2/apache2.conf:

<Directory /> Options FollowSymLinks AllowOverride None Require all denied
</Directory>
<Directory /usr/share> AllowOverride None Require all granted
</Directory>
<Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted
</Directory>

So, by default Apache denies access to everything except /usr/share and /var/www.

So I need to edit the apache2.conf file and also explicitly allow access to /opt:

<Directory /opt/> Options Indexes FollowSymLinks AllowOverride None Require all granted
</Directory>

or simply add Require all granted inside the Directory part of my original configuration file:

Alias /adminer /opt/adminer
#Alias /adminer /usr/share/adminer/adminer
<Directory /opt/adminer>
#<Directory /usr/share/adminer/adminer> Options FollowSymLinks DirectoryIndex index.php Require all granted # <---------- <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule>
</Directory>
2

In ubuntu server 16.04.1 LTS you have to add line (/etc/apache2/apache2‌​.conf):

#put some comment here to know what happend
Include /etc/adminer/apache.conf

I have added this line before:

<Directory />

and after restarting apache2 everything is working fine.

Before this line was added nothing was working.

0

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like