Re: [MLUG] Need help understanding the ~

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: Re: [MLUG] Need help understanding the ~
From: Russell Horn <EMAIL:PROTECTED>
Date: Thu, 20 Mar 2008 19:20:11 +0000 (GMT)
Delivery-date: Thu, 20 Mar 2008 14:24:47 -0500
Envelope-to: EMAIL:PROTECTED
In-reply-to: <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

Mike wrote:

> True, but there is another thing to look out for -- users may be allowed 
> to use symlinks to direct the server to any location on the system.  If 
> that is allowed, and they do this...

The example I posted has SymLinksIfOwnerMatch that will instruct apache to only follow symlinks if the owner of the target file/dir has the same userid as the link.

That should prevent your example (since my example also prevented root having a public_html), though disabling symlinks altogether would often be even safer.

Russell

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Follow-Ups:
- Re: [MLUG] Need help understanding the ~
  - From: Mike Miller <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG] Need help understanding the ~
Next by Date: Re: [MLUG] Need help understanding the ~
Previous by thread: RE: [MLUG] Re: [MLUG - DISCUSSION] Need help understanding the ~
Next by thread: Re: [MLUG] Need help understanding the ~
Index(es):
- Date
- Thread