Nginx as reverse proxy for apache and SymlinksIfOwnerMatch problem

mrpk1906

Verified User
Joined
Oct 5, 2013
Messages
5
Hello,

I have two user on server, i installed php with suphp, enable Option +SymlinksIfOwnerMatch in virtualhost config of two user for security problem.
I try create a symlink on user "john" to a file on user "danny" then visit link to file 1.txt via browser of website on user john and i received 403 error code. It work!

658601 lrwxrwxrwx 1 john john 65 Apr 28 03:10 1.txt -> /home/danny/domains/abc.com/public_html/index.php

Continue, i install nginx as reverse proxy for apache. I visited link to file 1.txt and i read content in file index.php of user danny.

Please help me fix it.

Sorry my english is poor!

Thanks! :)
 

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,051
Hello,

Thanks for the report.
Martynas has just added this option to the default /etc/nginx/conf/nginx.conf to address this issue:
Code:
disable_symlinks if_not_owner;
This has been added to files1.directadmin.comf, so allow 24 hours for rsync to the other mirrors (if you're not using files1 in your options.conf)

Then type:
Code:
./build update
./build rewrite_confs
John
 

mrpk1906

Verified User
Joined
Oct 5, 2013
Messages
5
Hello,

Sorry,

after test visited website then all link to file static: txt, css, img... return error 403.

I read docs from nginx and i changed disable_symlinks if_not_owner; to disable_symlinks on from=$document_root;

problem fixed.
Please review for me! :)
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,305
Location
LT, EU
That is also fixed on DA download servers, but "if_not_owner" is used instead of "on":
Code:
disable_symlinks if_not_owner from=$document_root;
 
Top