Apache2 Symlink security [Solved]

[SDraconis]

I was wondering if there is any way to limit symlinks to not be followed outside of a certain directory. I have a user who has a small site hosted in ~/public_html that requires symlinks within the directory in order to properly function. However, I do not want it to be possible for the user to make a symlink to some other directory outside of ~/public_html and have that publicly available on the net. Ideally, this would be a per-directory setting so I could still allow symlinks to anywhere to be followed from the main /var/www site.

[adaptr]

FollowSymlinksIfOwnerMatch is what you want.

See the apache docs for more.

Side note: no, you did not read them - if you had, you would know that everything in apache is configurable per-directory
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[SDraconis]

Thanks, and sorry. You're right, I had read a guide on configuring Apache2 and flipped through forum posts rather than the full docs. I should've known better and looked into the full documentation for the directives. As for the configuration per directory part, I already knew that everything was configurable per directory as I had already messed with some directives on certain directories. The reason I had said that was in case someone offered a solution that wasn't actually built in to Apache itself.

Edit: I believe the directive is actually called SymLinksIfOwnerMatch now rather than FollowSymlinksIfOwnerMatch

[adaptr]

Well, this one is, and as you can easily surmise yourself, as long as the files linked to are owned by the user whose directory they are in, it should all work as advertised.
For a given value of "advertised"
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen