nginx + FollowSymLinks owner verification
activa
nginx-forum at nginx.us
Wed Apr 11 01:38:07 UTC 2012
i have made a test security and i have found the fallowing :
we have the fallowing synoposis :
[root at server4 www]# ls -alh
total 144K
drwxr-x--- 6 usertest nobody 4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr 7 02:16 ..
-rw-r--r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt ->
/home/anotheruser/public_html/config.php
-rw-r--r-- 1 usertest usertest 3 May 3 2011 index.html
i can read the file of other user without any probleme !!!
normally it should verify the ownership of files before handel them .
NOTE , i use nginx as proxy of apache . when i use just apache a get a
403 error (this is a normal result) , with nginx i can read the file ,
becuase nginx hadler the static files + images
anyfix for this ?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225152,225152#msg-225152
More information about the nginx
mailing list