Bug 617427 – The /usr/share/doc/ directory cannot be fully shared to the network

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 617427 - The /usr/share/doc/ directory cannot be fully shared to the network

Summary:	The /usr/share/doc/ directory cannot be fully shared to the network

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	httpd (Show other bugs)
Sub Component:
Version:	5.5
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Joe Orton
QA Contact:	BaseOS QE Security Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-07-22 22:28 EDT by Todd Thomas
Modified:	2011-01-05 10:27 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-01-05 10:27:33 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Todd Thomas 2010-07-22 22:28:06 EDT

Description of problem:
Not all program documentation is available on the LAN if shared via httpd.

I added an alias to the default httpd.conf file and turned on the service to share all program documentation to the LAN:
alias /docs /usr/share/doc/
<Directory /usr/share/doc/>
Order deny,allow
Deny from all
Options +Indexes
Allow from 10.0.0.0/24 127.0.0.1
</Directory>
---

If I were then to navigate to http://hostname/docs alias on that server via internal URL: the contents of /usr/share/doc/ on that server is displayed:
Index of /docs
[ICO] Name Last modified Size Description
[DIR] Parent Directory -
[DIR] GConf2-2.14.0/ 23-Jun-2010 13:12 -
[DIR] HTML/ 28-Sep-2009 18:29 -
[DIR] MAKEDEV-3.23/ 23-Jun-2010 13:11 -
[DIR] ORBit2-2.14.3/ 23-Jun-2010 13:10 -
[DIR] SysVinit-2.86/ 23-Jun-2010 13:12 -
[DIR] alsa-lib-1.0.17/ 23-Jun-2010 13:11 -
---

When I click on some links for example the /postfix-2.3.3 link it displays an empty directory. It's blank:
Index of /docs/postfix-2.3.3
[ICO] Name Last modified Size Description
[DIR] Parent Directory -
---

Listing the same directory on the file system looks like this:
ll /usr/share/doc/postfix-2.3.3/*
-rw-r--r-- 1 root root 19725 Aug 14 2008 /usr/share/doc/postfix-2.3.3/README-Postfix-SASL-RedHat.txt

/usr/share/doc/postfix-2.3.3/README_FILES:
total 960
-rw-r--r-- 1 root root 2771 Aug 14 2008 AAAREADME
-rw-r--r-- 1 root root 9405 Aug 14 2008 ADDRESS_CLASS_README
-rw-r--r-- 1 root root 43724 Aug 14 2008 ADDRESS_REWRITING_README
-rw-r--r-- 1 root root 17186 Aug 14 2008 ADDRESS_VERIFICATION_README
-rw-r--r-- 1 root root 9141 Aug 14 2008 BACKSCATTER_README
...

To fix this I found references to the .htaccess file on the net. I put one in the root of /usr/share/doc directory that looks like this:
Code:

<Directory /usr/share/doc>
Options Indexes FollowSymLinks
Allow from 10.0.0.0/24
Allow from 127.0.0.0/8
</Directory>

It's still not working for me. Some directories are still displaying blank pages. Some appear to be listing all of the right stuff.
---
Further, I've opened permissions all the way up and incrementally locked them back down again, just to test:

from:
chmod -R 777 /usr/share/doc

incrementally to

chmod -R 544 /usr/share/doc

No love.
---

I haven't read the requirements/documentation regarding why these html help/docs are in /usr/share/doc/ but I assume one of the purposes is to make documentation accessible via browser.

If this assumption is correct then this feature is broken.
---

Version-Release number of selected component (if applicable):
I've been looking for a fix for this since RHEL-5.1. No luck.

How reproducible:
Every time - without fail.

Steps to Reproduce:
1. Install httpd

2. Include an alias in that section of the httpd.conf file:
alias /docs /usr/share/doc/
<Directory /usr/share/doc/>
Order deny,allow
Deny from all
Options +Indexes
Allow from 10.0.0.0/24 127.0.0.1
</Directory>

3. Optionally, create a .htaccess file in /usr/share/doc/.htaccess:
<Directory /usr/share/doc>
Options Indexes FollowSymLinks
Allow from 10.0.0.0/24
Allow from 127.0.0.0/8
</Directory>

4. Restart httpd service

5. Open a browser and navigate to:
http://hostname/docs/postfix-2.3.3/

Actual results:
The postfix documentation directory is present but empty.

Expected results:
Documentation packaged by RH should be shareable via httpd if necessary. All pages should be viewable via web browser.

Additional info:
http://hostname/docs/ (appears to be fully populated)
/usr/share/doc/postfix-2.3.3/ (directory is present but empty)
http://hostname/docs/samba-3.0.33/using_samba/toc.html
(most samba docs are present. this page is not.)

There are many more broken links and non-viewable resources though I have not noted all of them. This behavior is persistent with or without selinux enabled.

Comment 1 Joe Orton 2011-01-05 10:27:33 EST

Thanks for contacting us.  Please note that bugzilla is not a support tool and customers should contact Red Hat Technical Support in the first instance with any questions or issues you are having with the software; see:

  http://www.redhat.com/support/process/

for more information.

The problem you are seeing is likely to be caused by the "IndexIgnore" setting used in the default /etc/httpd/conf/httpd.conf, which hides files named README*:

   IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

See: http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore for more information.

Note You need to log in before you can comment on or make changes to this bug.