Forum OpenACS Q&A: Different behavior of AOLserver ad+13 on symbolic links?

I noticed that when I upgraded from AOLserver ad+12 to ad+13, that
the server would no longer follow symbolic links in the /www tree.
Whereas before, I had some symbolic links of directories and files
under /web/myserver/www to places in my home directory, etc, doing a
get on the same URL under v ad+13
now gives 404 file not found errors.

Is this behavior change documented someplace? Is there some
other configuration issue I am unaware of? I am using pretty much
the same .tcl init file for the old and new server.

You should probably ask Rob Mayoff directly ...  he'll know.

He *always* knows :)

Hi,

I have seen this also.  Although did not notice it until I read this thread.  Post here of Rob Mayoff's answer.  Thanks.

Jun

Looking more carefully, the new nsd can follow symlinks outside the
doc root tree, but it now obeys the user and group permissions set
by the -u and -g flags.

Rob didn't recall anything particular, just suggested that
maybe the old aolserver version had some bug in setting it's
group, so it could access some directories it ought not to be able to
when running as -u nsadmin -g web or whatever.

I guess the new behavior is more correct, since previously, the server could access my personal directory via symlink, which it
should not have been able to do...

Oh, yeah, this is a GOOD difference.  Thanks for tracking it down with Rob, Henry ...