Bug 521611

Summary: /etc/httpd/conf.d/v7.conf should have FollowSymlinks set
Product: [Retired] Red Hat Hardware Certification Program Reporter: Rainer Koenig <Rainer.Koenig>
Component: Test Suite (tests)Assignee: Greg Nichols <gnichols>
Status: CLOSED ERRATA QA Contact: Lawrence Lim <llim>
Severity: medium Docs Contact:
Priority: low    
Version: 1.0CC: nzhang, rlandry, tools-bugs, ykun
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-14 13:29:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
v7.conf patch to set FollowSymLinks none

Description Rainer Koenig 2009-09-07 09:14:03 UTC 
Description of problem:
Setup a brandnew RHEL5.4 server and installed v7 on it. Then installed the v7 fv-images to the /var/v7/ directory because the laboratory network can't access RHN. When trying to download v7i386.img.bz2 the HTTP server responds with FORBIDDEN sine this file is a symlink.

Version-Release number of selected component (if applicable):
v7-1.0-15.el5.noarch.rpm

How reproducible:
Always

Steps to Reproduce:
1. Install v7 network server
2. install v7 packages and fv-images
3. Try to download fv-images by using the symlink.. :)
  
Actual results:
FORBIDDEN

Expected results:
No problem should occur

Additional info:
Directory listing of /var/v7/fv-images:

ls -lh /var/v7/fv-images/
total 1018M
-rw-r--r-- 1 root root 8.4M Aug  7 15:16 v7data-20090616.img.tar.bz2
lrwxrwxrwx 1 root root   27 Sep  7 10:31 v7data.img.tar.bz2 -> v7data-20090616.img.tar.bz2
-rw-r--r-- 1 root root 236M Jun 13 11:52 v7i386-20090616.img.tar.bz2
-rw-r--r-- 1 root root 236M Jul 27 23:04 v7i386-20090726.img.tar.bz2
-rw-r--r-- 1 root root  438 Aug  7 15:28 v7i386-20090806.tar.bz2
lrwxrwxrwx 1 root root   27 Sep  7 10:31 v7i386.img.tar.bz2 -> v7i386-20090726.img.tar.bz2
lrwxrwxrwx 1 root root   23 Sep  7 10:31 v7i386.tar.bz2 -> v7i386-20090806.tar.bz2
-rw-r--r-- 1 root root 269M Jun 13 12:51 v7x86_64-20090616.img.tar.bz2
-rw-r--r-- 1 root root 269M Jul 27 23:10 v7x86_64-20090726.img.tar.bz2
-rw-r--r-- 1 root root  444 Aug  7 15:28 v7x86_64-20090806.tar.bz2
lrwxrwxrwx 1 root root   29 Sep  7 10:31 v7x86_64.img.tar.bz2 -> v7x86_64-20090726.img.tar.bz2
lrwxrwxrwx 1 root root   25 Sep  7 10:31 v7x86_64.tar.bz2 -> v7x86_64-20090806.tar.bz2

The problem disappears when /etc/httpd/conf.d/v7.conf looks like this:

# cat v7.conf 
ScriptAlias /v7/cgi/ "/var/v7/cgi/"
<Directory "/var/v7/cgi">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

Alias /v7/ "/var/v7/"
<Directory "/var/v7/">
    Options Indexes FollowSymlinks
    Order allow,deny
    Allow from all
</Directory>

Adding the FollowSymlinks option solves the issue.
Comment 1 Greg Nichols 2009-09-16 15:13:14 UTC 
Created attachment 361299 [details]
v7.conf patch to set FollowSymLinks
Comment 3 Nan Zhang 2009-09-30 09:51:04 UTC 
Verified this bug on v7-1.0-18.el5, already fixed. Set status to VERIFIED.

--- snip ---
...
...
2009-09-30 05:40:01 (138 KB/s) - `v7i386.img.tar.bz2' saved [246727651]

Note: could not download http://10.66.70.85/v7/fv-images/v7i386.img.tar.bz2
Downloaded v7i386.img to /var/lib/xen/images
Guest files verified
Submitted tests: v7 run  --test storage --server 10.66.70.85
Using config file "/etc/xen/v7i386".
Started domain v7i386
FV Guest started ...
fv_storage test is running, it takes some time(less than 60 minutes), please be patient ...
You may use the virt-manager to open the virtual machine console to monitor the testing progress.
...
Comment 5 errata-xmlrpc 2009-10-14 13:29:08 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1498.html