How to find symlink is on or off?

Discussion in 'Security' started by Bahram0110, Sep 21, 2010.

  1. Bahram0110

    Bahram0110 Well-Known Member

    Joined:
    Dec 12, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    I'm on shared hosting. My server admin says that symlink is off.
    I'm very sensitive about my hosting security and do not have extra money to go to a VPS or dedicated server!

    How can I find out whether symlink is on or not?

    Thank you
     
  2. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    I think you need SSH access for this. May I ask why you want to know? Is there something that needs this?
     
  3. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Please clarify what you are asking

    What, exactly, are you asking? "Symlink" is short for "symbolic link." A symlink is a special type of file in the Unix/Linux filesystem that acts as a sort of shortcut to a file, similar to a shortcut on a Windows or Mac desktop.

    Beginners: Learn Linux (Linux Reviews)

    Are you perhaps asking about the Apache FollowSymLinks option? FollowSymLinks is an option that can be specified for a directory, either in the httpd.conf file or in a .htaccess file.

    core - Apache HTTP Server

    This option specifies whether Apache should follow symlinks or not. FollowSymLinks can be turned on or off globally for the server in the WebHost Manager at Main >> Service Configuration >> Apache Configuration >> Global Configuration.

    Also, unless the AllowOverrides option is set, you can enable or disable FollowSymLinks on a per-directory basis by using a .htaccess file in each directory. However, the server administrator can disable AllowOverrides, preventing you from using the .htaccess file for this purpose.

    You will need to ask your host whether FollowSymLinks is enabled or disabled on a global basis, and whether AllowOverrides is enabled or disabled.

    It is not clear from your question whether FollowSymLinks is what you are asking about, but it is my best assumption based on your description. Symlinks are part of the Unix/Linux filesystem and cannot be switched "on" or "off," but how some applications, such as Apache, handle them can be changed, and I hope this information is helpful to you.
     
  4. Bahram0110

    Bahram0110 Well-Known Member

    Symlink is disabled by this code in the Apache pre-main conf:

    <Directory "/">
    Options All
    Options -FollowSymLinks
    Options +SymLinksIfOwnerMatch
    Options -ExecCGI
    AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>

    But I can create a symlink via Perl:
    ln -s /etc/passwd ab.txt
     
  5. GaryT

    GaryT Well-Known Member

    Bahram0110 - Do what Jared suggested above.
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Whether you can read, write or execute a file or directory depends on the permissions of the target file or directory, not the permissions of the symlink.

    Permissions on symlinks are always 777.

    In your example, yes, you can make a symlink to /etc/passwd. However, /etc/passwd is world-readable. Any user with shell access to the server can read /etc/passwd, symlink or no symlink. This is because /etc/passwd has 644 permissions by default, and these permissions are required for many services and applications to work.

    Code:
    # ls -alh /etc/passwd
    -rw-r--r-- 1 root root 2.6K Aug 27 14:11 /etc/passwd
    Contrary to its filename, /etc/passwd does not contain passwords. Those are stored in /etc/shadow, which is not world-readable. /etc/passwd only contains usernames, userids (UIDs), groupids (GIDs), the home directory and the shell, all of which can be deduced using other methods without viewing the /etc/passwd file.

    You may see information online about ways to crack Linux by creating a symlink to /etc/passwd. Most of this information applies to very, very old Linux distributions that actually stored passwords in /etc/passwd. This was before the invention of the /etc/shadow file. In any modern Linux distribution, no passwords are stored in /etc/passwd, and a symlink to the /etc/passwd file poses no significant threat, because it does not expose any information that cannot be easily deduced using other methods.

    Even if you do create a symlink in your public_html directory, Apache cannot follow it, because FollowSymLinks is off, so Apache will not send the contents of the targets of symlinks to the Web browser.
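
An added example, not part of the original post and not cPanel's or Apache's own code: an audit sketch that walks a document root and reports how each symlink would fare under the `-FollowSymLinks +SymLinksIfOwnerMatch` settings posted earlier in the thread. The function names, the constructed temporary docroot and the uid 1001 are assumptions for illustration, and the model compares only the final link with its target rather than every path component.

```python
import os
import tempfile

def apache_would_follow(link_uid, target_uid, follow_symlinks, if_owner_match):
    """Simplified model of the two Options for a single symlink."""
    if follow_symlinks:            # Options +FollowSymLinks: always follow
        return True
    if if_owner_match:             # Options +SymLinksIfOwnerMatch: owners must match
        return link_uid == target_uid
    return False                   # neither option set: never follow

def audit_symlinks(docroot, follow_symlinks=False, if_owner_match=True):
    """Return sorted (relative path, target, verdict) for every symlink under docroot."""
    report = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            try:
                target_uid = os.stat(path).st_uid      # stat() follows the link
            except OSError:
                verdict = "dangling"                   # missing target or link loop
            else:
                link_uid = os.lstat(path).st_uid       # lstat() describes the link itself
                ok = apache_would_follow(link_uid, target_uid,
                                         follow_symlinks, if_owner_match)
                verdict = "served" if ok else "refused"
            report.append((os.path.relpath(path, docroot), target, verdict))
    return sorted(report)

def demo():
    """Constructed docroot: one link to our own file, one dangling link."""
    with tempfile.TemporaryDirectory() as docroot:
        own = os.path.join(docroot, "index.html")
        with open(own, "w") as fh:
            fh.write("hello\n")
        os.symlink(own, os.path.join(docroot, "same-owner.html"))
        os.symlink(os.path.join(docroot, "missing"), os.path.join(docroot, "broken.txt"))
        return audit_symlinks(docroot)

if __name__ == "__main__":
    for row in demo():
        print(row)
    # The thread's case: a link owned by a hosting user (constructed uid 1001)
    # pointing at root-owned /etc/passwd (uid 0) under the posted Options.
    print(apache_would_follow(1001, 0, follow_symlinks=False, if_owner_match=True))
```

Apache's documentation notes that symlink testing is subject to race conditions, so SymLinksIfOwnerMatch should not be relied on as a security restriction by itself.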
     
  7. Bahram0110

    Bahram0110 Well-Known Member

    Thank you very much
    Problem solved ;)
     