Home / server / Questions / 474386
Accepted
Bubnoff
Asked: 2013-02-01 14:33:20 +0800 CST

OpenBSD Apache configuration: NFS mount

  • 772

I have a NFS mount at /mnt/web/ on OpenBSD 5.2.

How can I mount this so it's accessible to the web?

Currently I'm soft linking it to /var/www/web

ln -s /mnt/web /var/www/web

I've added an alias directive in the apache config like so:

Alias /web/ "/var/www/web/"


    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all

The ownership shows that everyone should have read and execute. What am I doing wrong? Apache says:

Not Found The requested URL /web was not found on this server.

Is it possible that OpenBSD's default chroot'd apache configuration doesn't allow this?

Additional Info:
I was able to access the NFS share when linked to the /var/www/users directory and apache configured with the "UserDir" option.

UPDATE
It works when Apache is run without chroot enabled ...so, my next question: How can I get this to work within chroot?

UPDATE
I changed the mount location and mount options and now it works [ see my answer below ]. But I'd like advice on optimal permissions. These are static files only. Who should own these files?

apache-2.2

2 Answers

  1. I believe that your alias might be wrong, check out the documentation for the apache website for the difference between an alias such as "/web" and an alias "/web/".

    • 0
  2. Best Answer

    I got it to work in chroot'd Apache on OpenBSD5.2 by mounting the NFS share thusly:

    mount -t nfs -o suid,sync nfs-server:/nfs/web/ /var/www/htdocs/web

    ...then altering the Document root stanza in httpd.conf as follows:

    <Directory "/var/www/htdocs">
    Options Indexes FollowSymLinks Includes SymLinksifOwnerMatch
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

    So ....now that it "works" * could someone please clarify what permissions I should be seeing when listing the NFS contents?

    ls -al /var/www/htdocs/web

    dr-xr-xr-x    10 www  www   4096 Dec  3 23:00 .
drwxrwxr-x  1012 www  www  32768 Feb  1 18:36 ..
dr-xr-xr-x     9 www   www      4096 Jun 13  2012 subdir1
dr-xr-xr-x     4 www   www        73 Jun 13  2012 subdir2
dr-xr-xr-x    15 www   www      4096 Jun 13  2012 subdir3
-rwxrwxrwx   1 www  www  87161949 Jul 12  2008 file3.mp3

    EDIT Everything is A-OK. There was no need for the Apache user 'www' to own these files or directories -- so now he doesn't. There was no need for any write access for anyone other than the owner -- so there isn't. Everything works and is accessible over the web and I believe the security is quite sound -- Ie., the default OpenBSD chroot environment is enabled and the permissions on the NFS share are strict.

    755 for directories and 644 for files. I think that's a wrap!

    Ie., by works I simply mean: shows up in browser

    • 0