Re: SSI/server-side includes and symbolic links/SymlinkIfOwnerMatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 4 Oct 2008, [iso-8859-1] André Warnier wrote:

> In other words, check if by any chance you do not have some <Location>
> section negating all your configuration snippets for that <Directory>.

I'm pretty sure the config is ok; the following are exerpts from my actual
config of all Directory/Location sections. Also, the config works fine for
non-SSI accessed symbolic links. For example, if
/export/user/bob/www/test.html (owned by bob) is a symlink to
/export/user/fred/www/foo.html (owned by fred), accessing /~bob/test.html
fails, and a symbolic link failure is logged. However, if
/export/user/bob/www/test_ssi.html contains an include (either
file=/export/user/bob/www/test.html or virtual=/~bob/test.html), accessing
/~bob/test_ssi.html successfully delivers the content of
/export/user/fred/www/foo.html via the include of the symbolic link, even
though the ownership differs.

This was unexpected and problematic for my intended implementation...

[...]
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
</Directory>
[...]
<Directory "/usr/pkg/share/httpd/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>
[...]
<Directory "/usr/pkg/libexec/cgi-bin">
        SSLOptions +StdEnvVars
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>
[...]
<Directory "/export/user/*/www">
[...]
        Options Indexes SymLinksIfOwnerMatch IncludesNoExec
[...]
</Directory>
[...]
<Directory "/export/group/*/www">
[...]
        Options Indexes SymLinksIfOwnerMatch IncludesNoExec
[...]
</Directory>
[...]
<Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
</Location>
[...]
<Directory "/usr/pkg/share/httpd/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson@xxxxxxxxxxxxx
California State Polytechnic University  |  Pomona CA 91768

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux