Is Symlink Race Condition Protection Needed on a Non-Shared Server?

celiac101

Well-Known Member
Dec 19, 2012
96
1
58
cPanel Access Level
Website Owner
I am trying to beef up security on my server, and hopefully not slow it down, as it is very busy.

I operate a dedicated server, and with the exception of temporary FTP/cpanel access to certain sites on the server, I am the only person who has access to the server, and any sites on it. In my case, do I need to worry about Symlink Race Condition Protection?
 

celiac101

Well-Known Member
Dec 19, 2012
96
1
58
cPanel Access Level
Website Owner
I don't see an answer to my question in that thread, but it looks like if I control all sites on my server, which I do, then the only way I need to worry about Symlink is if one of those sites gets hacked, is that correct?

PS - The reason not to run it is the warning about slow performance. I want fast performance.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Hello @celiac101,

That's correct, in your case the benefit would relate to it's ability to protect the other websites on your system in the event one was exploited. Also, note the slow performance warning only extends to the Bluehost patch. The other documented patches/solutions will not slow the performance.

Thank you.
 

a305587

Member
Feb 25, 2019
6
1
3
Washington
cPanel Access Level
Root Administrator
Sorry to bring up an old thread but since I have the exact same question I didn't think it made sense to start a new one.

I am on a VPS and my sites are segmented into their own cPanels. The WHM message behind SymLink Protection states:

Symlink Protection [?]
This directive enables symlink protection in order to reduce the impact of race conditions if you enable the FollowSymlinks and SymLinksIfOwnerMatch Apache directives.
If one or both of those directives are not in effect this directive will have unexpected behavior so it is highly recommended to leave it off in that case.
The checks this directive performs can have significant performance impacts on the server. We strongly recommend that you do not enable this feature unless you absolutely require it.
Like the original poster, I'm the only person with access to the server and speed is of the utmost importance. Also between CSF, cPHulk, and WordFence we have the sites and server locked down pretty well.

The warning messages attached to the Symlink option give me pause. Is this something I should enable or not? Hmm. What do you recommend? If the sites are on their own cPanels, is the Symlink attack still a threat?

Thank you.