Apache: The Definitive Guide, 3rd Edition

by Ben Laurie, Peter Laurie
December 2002
Intermediate to advanced
588 pages
25h 57m
English
O'Reilly Media, Inc.
Content preview from Apache: The Definitive Guide, 3rd Edition

FollowSymLinks, SymLinksIfOwnerMatch

When we saved disk space for our multiple copies of the Butterthlies catalogs by keeping the images bench.jpg, hen.jpg, bath.jpg, and tree.jpg in /usr/www/APACHE3/main_docs and making links to them, we used hard links. This is not always the best idea, because if someone deletes the file you have linked to and then recreates it, you stay linked to the old version with a hard link. With a soft, or symbolic, link, you link to the new version. To make one, use ln -s source_filename destination_filename.

However, there are security problems to do with other users on the same system. Imagine that one of them is a dubious character called Fred, who has his own webspace, ... /fred/public_html. Imagine that the webmaster has a CGI script called fido that lives in ... /cgi-bin and belongs to webuser. If the webmaster is wise, she has restricted read and execute permissions for this file to its owner and no one else. This, of course, allows web clients to use it because they also appear as webuser. As things stand, Fred cannot read the file. This is fine, and it’s in line with our security policy of not letting anyone read CGI scripts. This denies them explicit knowledge of any security holes.

Fred now sneakily makes a symbolic link to fido from his own web space. In itself, this gets him nowhere. The file is as unreadable via symlink as it is in person. But if Fred now logs on to the Web (which he is perfectly entitled to do), accesses his own web space ...
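The SymLinksIfOwnerMatch option named in this section's heading makes Apache follow a symbolic link only when the link and its target have the same owner. The Python audit below applies that same comparison to a web space; it is an added example, not code from the book. The names audit_symlinks, demo and stat_as_webuser and the temporary directory tree are hypothetical, and because an unprivileged script cannot chown files to webuser, the demo simulates a different owner for everything under cgi-bin.

```python
import os
import tempfile
from collections import namedtuple
from types import SimpleNamespace

Finding = namedtuple("Finding", "link target link_uid target_uid")

def audit_symlinks(root, lstat=os.lstat, stat=os.stat):
    """List symlinks under root whose target is missing or owned by a
    different uid than the link itself (the SymLinksIfOwnerMatch comparison)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # never descends into links
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = lstat(path).st_uid        # owner of the link itself
            try:
                target_uid = stat(path).st_uid   # owner of what it resolves to
            except OSError:
                target_uid = None                # dangling link
            if target_uid != link_uid:
                findings.append(Finding(path, os.path.realpath(path), link_uid, target_uid))
    return findings

def demo():
    """Constructed tree: Fred links to fido in cgi-bin and to his own page."""
    base = os.path.realpath(tempfile.mkdtemp())
    cgi_bin = os.path.join(base, "cgi-bin")
    web = os.path.join(base, "fred", "public_html")
    os.makedirs(cgi_bin)
    os.makedirs(web)
    for path in (os.path.join(cgi_bin, "fido"), os.path.join(web, "index.html")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    os.symlink(os.path.join(cgi_bin, "fido"), os.path.join(web, "fido"))
    os.symlink(os.path.join(web, "index.html"), os.path.join(web, "home.html"))
    def stat_as_webuser(path):
        # Simulation only: report cgi-bin files as owned by another uid,
        # standing in for webuser (assumption; the demo cannot chown).
        st = os.stat(path)
        if os.path.realpath(path).startswith(cgi_bin + os.sep):
            return SimpleNamespace(st_uid=st.st_uid + 1)
        return st
    return audit_symlinks(web, stat=stat_as_webuser)

if __name__ == "__main__":
    for f in demo():
        print(f"{f.link} -> {f.target} (link uid {f.link_uid}, target uid {f.target_uid})")
```

On a real server, call audit_symlinks on each user's web space with the default stat functions. Apache's documentation notes that its own symlink test is subject to race conditions, so a periodic audit like this complements the option rather than replacing it.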


ISBN: 0596002033