>From: "Doug Yatcilla" <yatcilda@umdnj.edu>

>...the most confusing part of
>installing it for me was keeping straight all the symbolic links in it.

Hmm. I don't have a problem with it, of course. But I'm biased because I built it and understand it already. I never expected people to have to figure out the links themselves, however, and I can appreciate how they can be confusing.

>... I wanted to use Apache's suEXEC feature

Interesting that you bring this up. I've just been doing an installation that is using suEXEC and came across the same problem you did. We want to use suEXEC not so much for security as for convenience - to have the files created by HyperNews be owned by a user who can have write access to the files directly.

>suEXEC security model will not allow target programs that are
>symbolic links to be run

Well, I don't think this is a security issue - I think it is a bug. I haven't investigated thoroughly yet but it doesn't make sense to me that symbolic links should be allowed for intermediate directories while linking to the actual file to be executed is not allowed. Perhaps links are not allowed anywhere along the whole path, but why would this be more secure? Apache has a separate restriction on the use of symbolic links that should be sufficient, where that restriction is needed at all.

One workaround is to use the --copy option on setup.pl. But 1.9.9 has a bug regarding copying to the Admin directory - it doesn't do it.

>This made me wonder just why symbolic links are used so much in
>HyperNews. Why not use hard links for files like edit-article.pl above?

Hard links might work just as well while maybe solving the problem of use with suEXEC. I'll have to experiment. I think the change will be relatively easy to implement, but I will not be surprised if there are some unknowns that I don't know about. :-)

>This would be slightly more efficient (in speed and disk space) than
>using symbolic links.

I think efficiency is not a particularly relevant issue for symbolic links. If we did multiple links via long paths from the root, it would start to make a difference.

>Or, why not refer to the program directly instead
>of using any sort of link?

Links are used, symbolic or hard, because we use the server's directory-based access control mechanism. Since the same scripts are used whether under access control or not, we just link from the appropriate directories. Links are also used to get access to the hnrc file and the library script files. There are other ways this could be done, but it works well enough for now.

dan