Apache2: security question

**numeritos** · 02-28-2007

I've got apache2+mysql5+php5 installed. I also installed phpbb2 and mediawiki. Is it safe to have a symlink on /var/www pointing to, for example, /usr/share/phpbb2 ?

Or should I copy all the content to de /var/www directory?

**ibanex22** · 03-02-2007

it's safe if it is a soft link

Code:

ln -s

and if there are no symbolic links in that directory tree.

**numeritos** · 03-02-2007

Originally Posted by ibanex22

it's safe if it is a soft link

Code:

ln -s

and if there are no symbolic links in that directory tree.

Yeah, I had soft links in the /var/www/ directory. Anyway I deleted them and made aliases in /etc/apache2/conf.d/ directory. They told me it was more secure.

P.S.: I didn't really understand what you meant by and if there are no symbolic links in that directory tree

**ibanex22** · 03-02-2007

say in /var/www you had a symbolic link to /usr/share/phpbb2 which contained some symbolic link to / or something... probably a rare scenario

. and possibly you could .htaccess or configure that directory to not follow symbolic links.

**numeritos** · 03-02-2007

Originally Posted by ibanex22

say in /var/www you had a symbolic link to /usr/share/phpbb2 which contained some symbolic link to / or something... probably a rare scenario

. and possibly you could .htaccess or configure that directory to not follow symbolic links.

Actually there are. A symlink /usr/share/phpbb2/templates/ that points to /etc/phpbb27templates/ and in that directory there's a directory called /subSilver that is a symlink pointing to /usr/share/phpbb2/templates/subSilver.
Phpmyadmin has also symlinks pointing to /etc and so on. That was automatically made by apt so I assume it can't be that insecure...

**likwid** · 03-02-2007

Using Alias is much more safe than symlink, and you need the FollowSymLinks option to actually use symlinks.

Thread Tools

Display

Apache2: security question

Posting Permissions