[SATLUG] symbolic links and permissions

Greg Swift gregswift at gmail.com
Sun Jan 25 11:57:33 CST 2009


On Sun, Jan 25, 2009 at 11:49, Aaron Hackney <techgeeks at aaronhackney.com>wrote:

> Charles Hogan wrote:
>
>> Bruce Dubbs wrote:
>>
>>> Geoff wrote:
>>>
>>>> Curious problem.
>>>>
>>>> My host drive on my server that I do -not- have physical access to (it's
>>>> in San Antonio and I'm in Houston) is running low on space.
>>>>
>>>> One directory in /home, I found, was holding 5g.  There are 2 other
>>>> volumes in the machine, with plenty of space available.
>>>>
>>>> So, I figured 'hmmm... mv the files to the larger volume, create a
>>>> symlink from /home/{username}/public_html/directory to
>>>> /larger_drive/directory
>>>>
>>> It's been a while since I've been under the hood in apache, but isn't
> there a directive to disallow following symbolic links?
>
> -A


You have to specifically allow like this (if not listed or if explicity
removed with a prefix of - it doesnt work)

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

Now you can also add "SymLinksifOwnerMatch" to the options line for finer
grain security of following symlinks.

-greg


More information about the SATLUG mailing list