GNOME Bugzilla – Bug 326702
symbolic links does not appear in a webdav client.
Last modified: 2014-07-23 10:08:08 UTC
Please describe the problem: Even if you enable "Options FollowSymlinks" the link does not show up in the parent directory. However if you specify the path it works. This is probably a mod_dav limitation/bug ? Apache 2.0.52 Steps to reproduce: 1. Create symlink 'softlink' to another directory 2. Add Options FollowSymlinks 3. reload gnome-user-share Actual results: You can acces it with ip:port/softlink but softlink does not show up in / Expected results: Symbolic link shown. Does this happen every time? yes Other information: This is needed when you want to share data that already exists and don't want to copy them. Another solution to this problem could allow sharing of any/multiple dirs instead of a fixed one.
I see this too. In its current state, it's not useful to me :(
Allowing symlinks out of the Public folder is a sort of security risk though. You'd need to allow the httpd to read files outside of it, which means you can probably trick it to read /etc/passwd.
Following Alex's comment, shouldn't we close this bug as WONTFIX?
FollowSymlinks is obviously out of the question, but using "SymLinksIfOwnerMatch" could be useful, and remove that security problem (mostly). 2 changes to make: - use SymLinksIfOwnerMatch in the default configuration - refuse to launch http sharing if root
In httpd/modules/dav/fs/repos.c /* ### for now, only process regular files (e.g. skip symlinks) */ if (fsctx->info1.finfo.filetype == APR_REG) { Filed upstream: https://issues.apache.org/bugzilla/show_bug.cgi?id=46521
Even allowing symlinks to the users homedir but outside ~/Public is debatable. For instance, if public is writable anyone can put a symlink to ../.mozilla and start reading the users stored passwords and cookies.
*** Bug 630402 has been marked as a duplicate of this bug. ***
(In reply to comment #6) > Even allowing symlinks to the users homedir but outside ~/Public is debatable. > For instance, if public is writable anyone can put a symlink to ../.mozilla and > start reading the users stored passwords and cookies. I agree that there is a security issue, but please leave it at least configurable by the user. You could add a big, fat, ugly warning that enabling symlinks in the ~/Public folder might impose a severe security risk and should only be done in private environments, but leave it optional to enable it nevertheless. Please don't expect me to duplicate several GB of my ~/Pictures folder just to make them shared across my private home network!
(In reply to comment #8) > (In reply to comment #6) > > Even allowing symlinks to the users homedir but outside ~/Public is debatable. > > For instance, if public is writable anyone can put a symlink to ../.mozilla and > > start reading the users stored passwords and cookies. > > I agree that there is a security issue, but please leave it at least > configurable by the user. You could add a big, fat, ugly warning that enabling > symlinks in the ~/Public folder might impose a severe security risk and should > only be done in private environments, but leave it optional to enable it > nevertheless. Given that the httpd WebDav module ignores symlinks, even if we wanted, we couldn't make it work without fixing mod_dav. See the bug mentioned above.
*** Bug 733583 has been marked as a duplicate of this bug. ***