[arch-general] community/NUT access cgi in /usr/share/nut/cgi without FollowSymLinks?
Maxime Gauduin
alucryd at archlinux.org
Fri Jun 5 09:04:39 UTC 2020
June 3, 2020 8:24 AM, "David C. Rankin" <drankinatty at suddenlinkmail.com
> wrote:
> All / Maxime,
>
> With the nut build option setting:
>
> --with-cgipath=/usr/share/nut/cgi \
>
> when using apache with the default /srv/http/cgi-bin location, how
> are you
> supposed to access the cgi files in /usr/share/nut/cgi "Safely"?
>
> I have the entire /usr/share/nut/html directory protected by a dbm
> database
> file manipulated with dbmmanage, so to reach the <Directory> you must
> authenticate. That said, the only way I can make the cgi scripts work
> is by
> setting Options FollowSymLinks in the <Directory> for "/srv/http/cgi-
> bin"
> after symlinking (e.g. ln -s /usr/share/nut/cgi /srv/http/cgi-
> bin/nut)
>
> Is this safe? Is this intended way to provide access to the cgi
> scripts?
>
> --
> David C. Rankin, J.D.,P.E.
Hi David,
I haven't used apache in years so please take this with a grain of
salt. On nginx I'm using the alias directive, restricting access to
the upsset.cgi to my local network [0], as suggested by the nut
documentation in /etc/upsset.conf. It seems apache has a similar alias directive so you may be able to achieve the same without using any symlink [1].
[0] https://paste.xinu.at/BNUJFeuBycXUw8fB/
[1] https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias
Cheers,
--
Maxime
More information about the arch-general
mailing list