httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ICS.UCI.EDU>
Subject Re: WWW Form Bug Report: "FollowSymLinksIfOwnerMatch and automounting don't mix well" on Solaris 2.x
Date Mon, 25 Nov 1996 05:51:01 GMT
>>> <Directory />
>>> AllowOverride None
>>> Options FollowSymLinks
>>> order deny,allow
>>> deny from all
>>> </Directory>
>>> 
>>> which is what everyone should have in their access.conf, in my opinion.
> 
> We explicitly disable FollowSymLinks in favor of FollowSymLinksIfOwnerMatch
> because we found someone (a legitimate user) publishing our passwd file.

I know that -- I do the same at UCI.  That is just the top level access
protection, which gets overridden by any other <Directory> settings.
You put the FollowSymLinksIfOwnerMatch in the lower-level Directory
settings which are below the automount links.

.....Roy

Mime
View raw message