Apache

NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
While I'm studying tonight I also ran across some apache configurations. One thing I noticed as an option is FollowSymLinks which seems to be set on alot of current apache deployments. I know that this will allow the system to follow system links within the directory. My question is...aren't there security concerns with this? Assume someone drops a files in this directory that system links to somewhere it shouldn't, will the permissions of the filesystem stop this or is that a "it depends" scenario?

Comments

  • darkerosxxdarkerosxx Banned Posts: 1,343
    Just have to watch permissions and be sure apache(the apache user) can't read files it shouldn't be able to read. This can be accomplished in a lot of ways, but mostly through permissions and SELinux.
Sign In or Register to comment.