Bug 1127016

Description of problem:

When Lighttpd is started as a service (i.e., service lighttpd start) and the Lighttpd Alias module is configured to point to a random location on the disk (i.e., alias.url += ( "/abc/" => "/cde/" ), access is denied even if the file permissions are set to a+rX for the entire path.

When Lighttpd is started from the command line (i.e., /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf) the problem does note exist.


Version-Release number of selected component (if applicable):

# yum info lighttpd
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.net.cen.ct.gov
 * epel: mirror.us.leaseweb.net
 * extras: centos.netnitco.net
 * updates: mirror.us.leaseweb.net
Installed Packages
Name : lighttpd
Arch : x86_64
Version : 1.4.35
Release : 1.el6
Size : 775 k
Repo : installed
From repo : epel
Summary : Lightning fast webserver with light system requirements
URL : http://www.lighttpd.net/ [^]
License : BSD
Description : Secure, fast, compliant and very flexible web-server which has
            : been optimized for high-performance environments. It has a very
            : low memory footprint compared to other webservers and takes care
            : of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth,
            : Output-Compression, URL-Rewriting and many more) make it the
            : perfect webserver-software for every server that is suffering load
            : problems.

# uname -a
Linux rares-demo 2.6.32-279.19.1.el6.x86_64 0000001 SMP Wed Dec 19 07:05:20 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m


How reproducible: always


Steps to Reproduce:

1. Enable Alias module in Lighttpd:

  /etc/lighttpd/modules.conf

  server.modules = (
    "mod_access",
  )

2. Configure an Alias in Lighttpd:

  /etc/lighttpd/conf.d/alias.conf

  alias.url += ( "/abc/" => "/cde/" )

3. Create Alias taget directory, index file and set permissions:

  mkdir /cde
  touch /cde/index.html
  chmod -R a+rX /cde

4. (Optional) Enable Debug mode in Lighttpd:

  /etc/lighttpd/lighttpd.conf

  include "conf.d/debug.conf"

5. Start Lighttpd as a service:

  service lighttpd start

6. Access the Alias URL

  http://.../abc/ [^]

  Returns: 403 - Forbidden. See log in "Additional Information"

7. Stop Lighttpd service

  service lighttpd stop

8. Start Lighttpd from the command line

  /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

9. Access the Alias URL

  http://.../abc/ [^]

  Returns: 200 - OK (empty file)


Additional info:

==> /var/log/lighttpd/error.log <==
2014-08-04 18:26:13: (request.c.311) fd: 7 request-len: 366
GET /abc/ HTTP/1.1
Host: ...
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: max-age=0
Connection: Keep-Alive
Pragma: no-cache
X-BlueCoat-Via: 7f4b3efa3f5eef52

 
2014-08-04 18:26:13: (response.c.339) -- splitting Request-URI
2014-08-04 18:26:13: (response.c.340) Request-URI : /abc/
2014-08-04 18:26:13: (response.c.341) URI-scheme : http
2014-08-04 18:26:13: (response.c.342) URI-authority : ...
2014-08-04 18:26:13: (response.c.343) URI-path (raw) : /abc/
2014-08-04 18:26:13: (response.c.344) URI-path (clean): /abc/
2014-08-04 18:26:13: (response.c.345) URI-query :
2014-08-04 18:26:13: (mod_access.c.135) -- mod_access_uri_handler called
2014-08-04 18:26:13: (response.c.473) -- before doc_root
2014-08-04 18:26:13: (response.c.474) Doc-Root : /var/www/lighttpd
2014-08-04 18:26:13: (response.c.475) Rel-Path : /abc/
2014-08-04 18:26:13: (response.c.476) Path :
2014-08-04 18:26:13: (response.c.524) -- after doc_root
2014-08-04 18:26:13: (response.c.525) Doc-Root : /var/www/lighttpd
2014-08-04 18:26:13: (response.c.526) Rel-Path : /abc/
2014-08-04 18:26:13: (response.c.527) Path : /var/www/lighttpd/abc/
2014-08-04 18:26:13: (response.c.544) -- logical -> physical
2014-08-04 18:26:13: (response.c.545) Doc-Root : /var/www/lighttpd
2014-08-04 18:26:13: (response.c.546) Basedir : /cde/
2014-08-04 18:26:13: (response.c.547) Rel-Path : /abc/
2014-08-04 18:26:13: (response.c.548) Path : /cde/
2014-08-04 18:26:13: (response.c.565) -- handling physical path
2014-08-04 18:26:13: (response.c.566) Path : /cde/
2014-08-04 18:26:13: (response.c.573) -- file found
2014-08-04 18:26:13: (response.c.574) Path : /cde/
2014-08-04 18:26:13: (response.c.725) -- handling subrequest
2014-08-04 18:26:13: (response.c.726) Path : /cde/
2014-08-04 18:26:13: (mod_indexfile.c.150) -- handling the request as Indexfile
2014-08-04 18:26:13: (mod_indexfile.c.151) URI : /abc/
2014-08-04 18:26:13: (response.c.737) -- subrequest finished

==> /var/log/lighttpd/access.log <==
... ... - [04/Aug/2014:18:26:13 +0000] "GET /abc/ HTTP/1.1" 403 345 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0"