Bugzilla – Bug 1195465
update to lighttpd-1.4.64-bp126.96.36.199.x86_64 breaks userdir public_html
Last modified: 2022-02-07 08:17:09 UTC
After todays maintenance Update to
userdirs (public_html) are no longer accessible via lighttpd.
Urls in the style
now result in an error message (404).
The problem seems to be caused by the hardening settings in the new
It now contains additionally:
# added automatically, for details please see
# end of automatic additions
without these settings - this means to fall back to the old services file -
and disable/enable the service in order to update the links and restart it restores the functionality.
With just disabling
and keep the other hardening settings active the
access also works.
So ProtectHome=true seems to be the culprit in this case.
After checking options for ProtectHome on
I found read access to the home directories public_html is also working with:
Maybe this is a better setting for lighttpd than to drop it completely.
Just as cross-reference: added this bug to bug 1181400 and set to security as these hardening seems to be added automatically.
BTW: I also already observed this problem on Tumbleweed for some weeks but did not have time to track it down. I suspected it was caused by a change in lighttpd's configuration files and failed to get it to work by just modifying those and incorparate the changes from the rpmnew files.
Yes, ProtectHome=read-only is a better setting. Thanks for reporting this here, I'll submit a fix
i think andreas submitted the maintenance update, cc
submitted to Tumbleweed and Leap
This is an autogenerated message for OBS integration:
This bug (1195465) was mentioned in
https://build.opensuse.org/request/show/951357 Factory / lighttpd
https://build.opensuse.org/request/show/951358 Backports:SLE-15-SP3 / lighttpd
openSUSE-RU-2022:0029-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1195465
openSUSE Backports SLE-15-SP3 (src): lighttpd-1.4.64-bp188.8.131.52