Forum archive 2000-2006

Nandor Sieben - File manager does not follow symlinks

Nandor Sieben - File manager does not follow symlinks

by Arnold Pizer -
Number of replies: 0
inactiveTopicFile manager does not follow symlinks topic started 4/20/2005; 1:09:48 PM
last post 7/2/2005; 5:22:13 PM
userNandor Sieben - File manager does not follow symlinks  blueArrow
4/20/2005; 1:09:48 PM (reads: 1296, responses: 3)
I am using webwork2 cvs with pathes. I have a symlink in the templates directory that points to a large collection of pg files. These files do work in the library browser but the file manager cannot access them. The error message is "The directory you specified doesn't exist". Is this on purpose or do I have a permission or setup problem?

Nandor

<| Post or View Comments |>

userMichael Gage - Re: File manager does not follow symlinks  blueArrow
4/20/2005; 1:43:03 PM (reads: 1628, responses: 0)
I have the same experience and fooled around with permissions a bit to double check. I believe this is on purpose -- the file manager is already giving one rather a large amount of rope with the potential to do mischief over the web and following symlinks is perhaps a bit too much power.

-- Mike

<| Post or View Comments |>

userDavide P. Cervone - Re: File manager does not follow symlinks  blueArrow
4/20/2005; 5:12:58 PM (reads: 1620, responses: 0)
Mike is right, this is on purpose. There are serious security issues involved with allowing file access through a web interface like this, and to reduce the threat, the FileManager tries to be careful about what it lets you do, and errs perhaps on the side of caution. In particular, the FileManager only lets you access directories that are subdirectories of your course's home directory. This means that if you had symbolic links to directories outside your course directory, you would not be able to access it.

The FileManager accesses files using the web server's user and group permissions, not your own, and so we need to be careful to limit your access in other ways than just by using unix permissions. If it allowed you to follow symbol links, you could use this to access files on the system that your account doesn't have the unix permissions to access. (I'm not going to describe this in detail, because I don't want people to do it.)

On the other hand, one should be able to follow symbolic links within your course directory, but the FileManager doesn't currently allow that (it doesn't follow ANY symbolic link). If the diretory is in your course directory's hierarchy, you should be able to get to it without following the link.

Hope this clarifies the situation.

Davide

<| Post or View Comments |>

userDavide P. Cervone - Re: File manager does not follow symlinks  blueArrow
7/2/2005; 5:22:13 PM (reads: 1574, responses: 0)
I have just updated the File Manager to make it possible to follow symbolic links in a controlled way. You can get the latest copy via CVS, but note that it also includes a change to global.conf, so you need to get that, too.

There are two new features: first, if a symbolic link is to a file or directory within your course, it can be followed automatically. For other symbolic links, you can set the $webworkDirs{valid_symlinks} variable in the global.conf file to an array of directories that are allowed to be linked to by the File Manager. For example,

 

    $webworkDirs{valid_symlinks} = [
      "$webworkDirs{courses}/commonCourse/templates",
      "/ww2/common/sets",
    ];

would allow the File Manager to follow symbolic links that point to either of the two directories listed (or to any of their subdirectories). This way, the system administrator can allow professors to have access to limited portions of the system outside their course directories. Note that there still must be a symbolic link within the course hierarchy to one of the allowed directories in order for the File Manager to be able to follow it.

Note that these directories will be accessible to the professors using the server's permissions, so if the server has write access to those directories, professors will be able to change their contents. So if you want to have a shared directory of set.def files, for example, make sure it is write protected against the server.

Hope that clears up the problem you were having.

Davide

<| Post or View Comments |>