Welcome! Log In Create A New Profile

Advanced

nginx + FollowSymLinks owner verification

April 10, 2012 09:38PM
i have made a test security and i have found the fallowing :

we have the fallowing synoposis :


[root@server4 www]# ls -alh
total 144K
drwxr-x--- 6 usertest nobody 4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr 7 02:16 ..
-rw-r--r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
-rw-r--r-- 1 usertest usertest 3 May 3 2011 index.html

i can read the file of other user without any probleme !!!

normally it should verify the ownership of files before handel them .

NOTE , i use nginx as proxy of apache . when i use just apache a get a 403 error (this is a normal result) , with nginx i can read the file , becuase nginx hadler the static files + images


anyfix for this ?
SubjectAuthorPosted

nginx + FollowSymLinks owner verification

activaApril 10, 2012 09:38PM

Re: nginx + FollowSymLinks owner verification

Edho AriefApril 10, 2012 09:44PM

Re: nginx + FollowSymLinks owner verification

activaApril 10, 2012 10:25PM

Re: nginx + FollowSymLinks owner verification

activaApril 10, 2012 10:46PM

Re: nginx + FollowSymLinks owner verification

activaApril 11, 2012 12:18AM

Re: nginx + FollowSymLinks owner verification

activaApril 17, 2012 11:31PM

Re: nginx + FollowSymLinks owner verification

Edho AriefApril 17, 2012 11:40PM

Re: nginx + FollowSymLinks owner verification

charlieApril 26, 2012 09:29AM

Re: nginx + FollowSymLinks owner verification

Maxim DouninApril 26, 2012 10:44AM

Re: nginx + FollowSymLinks owner verification

LekensteynJanuary 05, 2013 10:30AM

Re: nginx + FollowSymLinks owner verification

Valentin V. BartenevJanuary 05, 2013 11:28AM

Re: nginx + FollowSymLinks owner verification

LekensteynJanuary 05, 2013 12:41PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 113
Record Number of Users: 5 on November 05, 2014
Record Number of Guests: 210 on November 05, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready