Bug 617427 - The /usr/share/doc/ directory cannot be fully shared to the network
Summary: The /usr/share/doc/ directory cannot be fully shared to the network
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: httpd
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Joe Orton
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-07-23 02:28 UTC by Todd Thomas
Modified: 2011-01-05 15:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-01-05 15:27:33 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Todd Thomas 2010-07-23 02:28:06 UTC 
Description of problem:
Not all program documentation is available on the LAN if shared via httpd. 

I added an alias to the default httpd.conf file and turned on the service to share all program documentation to the LAN:
alias   /docs   /usr/share/doc/
<Directory /usr/share/doc/>
        Order      deny,allow
        Deny       from all
        Options    +Indexes
        Allow from 10.0.0.0/24 127.0.0.1
</Directory>
---

If I were then to navigate to http://hostname/docs alias on that server via internal URL: the contents of /usr/share/doc/ on that server is displayed:
Index of /docs
[ICO] Name Last modified Size Description
[DIR] Parent Directory -
[DIR] GConf2-2.14.0/ 23-Jun-2010 13:12 -
[DIR] HTML/ 28-Sep-2009 18:29 -
[DIR] MAKEDEV-3.23/ 23-Jun-2010 13:11 -
[DIR] ORBit2-2.14.3/ 23-Jun-2010 13:10 -
[DIR] SysVinit-2.86/ 23-Jun-2010 13:12 -
[DIR] alsa-lib-1.0.17/ 23-Jun-2010 13:11 -
---

When I click on some links for example the /postfix-2.3.3 link it displays an empty directory. It's blank:
Index of /docs/postfix-2.3.3
[ICO] Name Last modified Size Description
[DIR] Parent Directory -
---

Listing the same directory on the file system looks like this:
ll /usr/share/doc/postfix-2.3.3/*
-rw-r--r-- 1 root root 19725 Aug 14 2008 /usr/share/doc/postfix-2.3.3/README-Postfix-SASL-RedHat.txt

/usr/share/doc/postfix-2.3.3/README_FILES:
total 960
-rw-r--r-- 1 root root 2771 Aug 14 2008 AAAREADME
-rw-r--r-- 1 root root 9405 Aug 14 2008 ADDRESS_CLASS_README
-rw-r--r-- 1 root root 43724 Aug 14 2008 ADDRESS_REWRITING_README
-rw-r--r-- 1 root root 17186 Aug 14 2008 ADDRESS_VERIFICATION_README
-rw-r--r-- 1 root root 9141 Aug 14 2008 BACKSCATTER_README
...

To fix this I found references to the .htaccess file on the net. I put one in the root of /usr/share/doc directory that looks like this:
Code:

<Directory /usr/share/doc>
        Options Indexes FollowSymLinks
        Allow from 10.0.0.0/24
        Allow from 127.0.0.0/8
</Directory>

It's still not working for me. Some directories are still displaying blank pages. Some appear to be listing all of the right stuff.
---
Further, I've opened permissions all the way up and incrementally locked them back down again, just to test:

from:
chmod -R 777 /usr/share/doc

incrementally to

chmod -R 544 /usr/share/doc

No love.
---

I haven't read the requirements/documentation regarding why these html help/docs are in /usr/share/doc/ but I assume one of the purposes is to make documentation accessible via browser. 

If this assumption is correct then this feature is broken.
---

Version-Release number of selected component (if applicable):
I've been looking for a fix for this since RHEL-5.1. No luck.


How reproducible:
Every time - without fail.


Steps to Reproduce:
1. Install httpd

2. Include an alias in that section of the httpd.conf file:
alias   /docs   /usr/share/doc/
<Directory /usr/share/doc/>
        Order      deny,allow
        Deny       from all
        Options    +Indexes
        Allow from 10.0.0.0/24 127.0.0.1
</Directory>

3. Optionally, create a .htaccess file in /usr/share/doc/.htaccess:
<Directory /usr/share/doc>
        Options Indexes FollowSymLinks
        Allow from 10.0.0.0/24
        Allow from 127.0.0.0/8
</Directory>

4. Restart httpd service

5. Open a browser and navigate to:
http://hostname/docs/postfix-2.3.3/

  
Actual results:
The postfix documentation directory is present but empty.


Expected results:
Documentation packaged by RH should be shareable via httpd if necessary. All pages should be viewable via web browser.


Additional info:
http://hostname/docs/                  (appears to be fully populated)
/usr/share/doc/postfix-2.3.3/          (directory is present but empty)
http://hostname/docs/samba-3.0.33/using_samba/toc.html
(most samba docs are present. this page is not.)

There are many more broken links and non-viewable resources though I have not noted all of them. This behavior is persistent with or without selinux enabled.
Comment 1 Joe Orton 2011-01-05 15:27:33 UTC 
Thanks for contacting us.  Please note that bugzilla is not a support tool and customers should contact Red Hat Technical Support in the first instance with any questions or issues you are having with the software; see:

  http://www.redhat.com/support/process/

for more information.

The problem you are seeing is likely to be caused by the "IndexIgnore" setting used in the default /etc/httpd/conf/httpd.conf, which hides files named README*:

   IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

See: http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore for more information.
Note You need to log in before you can comment on or make changes to this bug.