LinkBack URL
About LinkBacksHi
I'm on a shared hosting. my server admin says that symlink is off
I'm very sensitive on my hosting security and has not extra money to go on vps or ded!
How Can I find symlink is on or not?
thank you
How to find symlink is on or off?
Hi
I'm on a shared hosting. my server admin says that symlink is off
I'm very sensitive on my hosting security and has not extra money to go on vps or ded!
How Can I find symlink is on or not?
thank you
I think you need SSH access for this, May I ask why is it you want to know, Is there something that needs this.
Please clarify what you are asking
What, exactly, are you asking? "Symlink" is short for "symbolic link." A symlink is a special type of file in the Unix/Linux filesystem that acts as a sort of shortcut to a file, similar to a shortcut on a Windows or Mac desktop.
Beginners: Learn Linux (Linux Reviews)
Are you perhaps asking about the Apache FollowSymLinks Apache option? FollowSymLinks is an option that can be specified for a directory, either in the httpd.conf file or in a .htaccess file.
core - Apache HTTP Server
This option specifies whether Apache should follow symlinks or not. FollowSymLinks can be turned on or off globally for the server in the WebHost Manager at Main >> Service Configuration >> Apache Configuration >> Global Configuration.
Also, unless the AllowOverrides option is set, you can enable or disable FollowSymLinks on a per-directory basis by using a .htaccess file in each directory. However, the server administrator can disable AllowOverrides, preventing you from using the .htaccess file for this purpose.
You will need to ask your host whether FollowSymLinks is enabled or disabled on a global basis, and whether AllowOverrides is enabled or disabled.
It is not clear from your question whether FollowSymLinks is what you are asking about, but it is my best assumption based on your description. Symlinks are part of the Unix/Linux filesystem and cannot be switched "on" or "off," but how some applications, such as Apache, handle them can be changed, and I hope this information is helpful to you.
For hands-on assistance, please reference our new support information page: Where should I go for support?
cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation
-- Jared Ryan, Technical Analyst, cPanel Technical Support
symlink is disabled by this codes in apache pre main conf:
<Directory "/">
Options All
Options -FollowSymLinks
Options +SymLinksIfOwnerMatch
Options -ExecCGI
AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
but I can do symlink via perl:
ln -s /etc/passwd ab.txt
Bahram0110 - Do the above what Jared Suggested.Originally Posted by cPanelJared
Whether you can read, write or execute a file or directory depends on the permissions of the target file or directory, not the permissions of the symlink.
Permissions on symlinks are always 777.
In your example, yes, you can make a symlink to /etc/passwd. However, /etc/password is world-readable. Any user with shell access to the server can read /etc/passwd, symlink or no symlink. This is because /etc/passwd has 644 permissions by default, and these permissions are required for many services and applications to work.
Contrary to its filename, /etc/passwd does not contain passwords. Those are stored in /etc/shadow, which is not world-readable. /etc/passwd only contains usernames, userids (UIDs), groupids (GIDs), the home directory and the shell, all of which can be deduced using other methods without viewing the /etc/passwd file.Code:# ls -alh /etc/passwd -rw-r--r-- 1 root root 2.6K Aug 27 14:11 /etc/passwd
You may see information online about ways to crack Linux by creating a symlink to /etc/passwd. Most of this information applies to very, very old Linux distributions that actually stored passwords in /etc/passwd. This was before the invention of the /etc/shadow file. In any modern Linux distribution, no passwords are stored in /etc/passwd, and a symlink to the /etc/passwd file poses no significant threat, because it does not expose any information that cannot be easily deduced using other methods.
Even if you do create a symlink in your public_html directory, Apache cannot follow it, because FollowSymLinks is off, so Apache will not send the contents of the targets of symlinks to the Web browser.
For hands-on assistance, please reference our new support information page: Where should I go for support?
cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation
-- Jared Ryan, Technical Analyst, cPanel Technical Support
thank you very much
Problem solved
Reply With Quote