Nginx + FollowSymLinks owner verification

I have made a security test and I have found the following:

We have the following synopsis:

[[email protected] www]# ls -alh
total 144K
drwxr-x--- 6 usertest nobody 4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr 7 02:16 ..
-rw-r--r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
-rw-r--r-- 1 usertest usertest 3 May 3 2011 index.html

I can read the file of another user without any problem!!!

Normally it should verify the ownership of files before handling them.

NOTE: I use nginx as a proxy for Apache. When I use just Apache I get a
403 error (this is a normal result); with nginx I can read the file,
because nginx handles the static files + images.

Any fix for this?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225152#msg-225152

2012/4/11 activa [email protected]:

Any fix for this?

disable_symlinks if_not_owner;
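
An added example, not part of the original thread or of nginx: a Python audit that finds the condition `disable_symlinks if_not_owner` refuses, namely a symlink whose owner differs from the owner of the object it points to, as with im1.txt in the listing above. The function name and the injectable lstat/stat parameters are assumptions made for this example.

```python
import os
import stat as stat_mod


def symlink_owner_mismatches(docroot, lstat=os.lstat, stat=os.stat):
    """Return (link, link_uid, target, target_uid) for every symlink under
    docroot whose owner differs from the owner of the object it resolves to.

    lstat/stat are injectable so the check can be exercised without root.
    """
    findings = []
    # followlinks=False: symlinked directories are reported, never descended.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            link = lstat(path)              # metadata of the link itself
            if not stat_mod.S_ISLNK(link.st_mode):
                continue
            try:
                target = stat(path)         # metadata of the final object
            except OSError:
                # Dangling link, or a target path this user cannot traverse.
                continue
            if link.st_uid != target.st_uid:
                findings.append(
                    (path, link.st_uid, os.path.realpath(path), target.st_uid)
                )
    return findings


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for link, l_uid, target, t_uid in symlink_owner_mismatches(root):
        print(f"{link} (uid {l_uid}) -> {target} (uid {t_uid})")
```

Run it as a user that can stat every target (typically root), since targets under another user's home directory are otherwise skipped.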

Where should I add this? In nginx conf or in vhost conf?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225155#msg-225155

As I have found, it is only available in the developer version, not the
stable version.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225156#msg-225156

Is this available in stable version 1.0.15?

disable_symlinks if_not_owner;

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225454#msg-225454

Installed nginx-1.1.18 and the problem was resolved.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225158#msg-225158

2012/4/18 activa [email protected]:

Is this available in stable version 1.0.15?

disable_symlinks if_not_owner;

Nope, it’s new in 1.1.x (since 1.1.16)

“disable_symlinks” does not work with the “try_files” directive.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,225816#msg-225816

Hello!

On Thu, Apr 26, 2012 at 09:29:12AM -0400, charlie wrote:

“disable_symlinks” does not work with the “try_files” directive.

It does.

Maxim D.

Maxim, I found that the disable_symlinks option does not work properly when
the permissions are restrictive. Please see my observations on
http://serverfault.com/q/463243/51929.

In summary: ngx_file_info_wrapper() tries to open() a file if symlinks are
disabled. That fails if nginx does not have read permissions for the said
file.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,234722#msg-234722

On Saturday 05 January 2013 19:30:46 Lekensteyn wrote:

Maxim, I found that the disable_symlinks option does not work properly when
the permissions are restrictive. Please see my observations on
http://serverfault.com/q/463243/51929.

In summary: ngx_file_info_wrapper() tries to open() a file if symlinks are
disabled. That fails if nginx does not have read permissions for the said
file.

So, you found exactly what the documentation says:
http://nginx.org/r/disable_symlinks

wbr, Valentin V. Bartenev


http://nginx.com/support.html
http://nginx.org/en/donation.html

I consider it a feature if try_files and if can really check whether a file
exists or not (instead of accessible). I have cooked a patch 1 that
implements this functionality. Please review, comments are welcome.

Note: this patch changes behaviour. Previously, files which were not
accessible were simply skipped. After applying this patch, files which
exist, but are not accessible are not skipped. Maybe an option can be added
to try_files and if to toggle this behavior?

Regards,
Peter

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,225152,234726#msg-234726
