Forum OpenACS Q&A: Different behavior of AOLserver ad+13 on symbolic links?

Collapse
1: Different behavior of AOLserver ad+13 on symbolic links?
Posted by Henry Minsky on 08/09/01 03:47 AM
I noticed that when I upgraded from AOLserver ad+12 to ad+13, that
the server would no longer follow symbolic links in the /www tree.
Whereas before, I had some symbolic links of directories and files
under /web/myserver/www to places in my home directory, etc, doing a
get on the same URL under v ad+13
now gives 404 file not found errors.

Is this behavior change documented someplace? Is there some
other configuration issue I am unaware of? I am using pretty much
the same .tcl init file for the old and new server.

Collapse
2: Response to Different behavior of AOLserver ad+13 on symbolic links? (response to 1)
Posted by Don Baccus on 08/09/01 03:39 PM
You should probably ask Rob Mayoff directly ...  he'll know.

He *always* knows :)

Collapse
3: Response to Different behavior of AOLserver ad+13 on symbolic links? (response to 1)
Posted by Jun Yamog on 08/10/01 05:32 PM
Hi,

I have seen this also.  Although did not notice it until I read this thread.  Post here of Rob Mayoff's answer.  Thanks.

Jun

Collapse
4: Response to Different behavior of AOLserver ad+13 on symbolic links? (response to 1)
Posted by Henry Minsky on 08/11/01 12:54 AM
Looking more carefully, the new nsd can follow symlinks outside the
doc root tree, but it now obeys the user and group permissions set
by the -u and -g flags.

Rob didn't recall anything particular, just suggested that
maybe the old aolserver version had some bug in setting it's
group, so it could access some directories it ought not to be able to
when running as -u nsadmin -g web or whatever.

I guess the new behavior is more correct, since previously, the server could access my personal directory via symlink, which it
should not have been able to do...

Collapse
5: Response to Different behavior of AOLserver ad+13 on symbolic links? (response to 1)
Posted by Don Baccus on 08/11/01 02:58 AM
Oh, yeah, this is a GOOD difference.  Thanks for tracking it down with Rob, Henry ...