1

I have setup a multi-sites project on a VPS server with WHM and cPanel.

Codebase is installed on a custom created folder named sites inside the cPanel user account home directory, with a subdomain master.example.com which acts as the master site.

home/username/sites/master/public_html

I then have created slave sites, which consist of symbolic links to the master installation, but each one is configured to use its own database. They are only using the same code, from my master.

There are additional subdomains inside my above sites directory, each one with its own dir like so: 

home/username/sites/sub1/public_html
home/username/sites/sub2/public_html

As well as my main domain, which is in the:

home/username/public_html

As said, all of the slave sites are practically symlinks to the files of my single webapp instance of my master site.

Due to some issues with Server Software that couldn't "understand" the above setup, the hosting provider informed me that linking my public_html folder to files that reside out of it and inside another folder of my home, breaks the compatibility with that software, and moreover it's extremely insecure and unsupported, as it opens the whole server to vulnerabilities, because these symbolic links can be used to gain access to the whole root filesystem.

So, now I need some input from you of the security industry.

  • Is the above configuration bad by nature and something that I should never do under any conditions?

  • Why it is bad to link my public_html to a folder files to a folder that is outside of it and specifically to the folder I mentioned above?

  • How the said symlinks could be used against me and to take control of the root filesystem?

  • What are the extra requirements I should consider, in order to have the above setup working without being insecure?

tafvita
  • 11
  • 2
  • 2
    [serverfault: followsymlinks on apache why is it a security risk](http://serverfault.com/questions/244592/followsymlinks-on-apache-why-is-it-a-security-risk), [The tricky security issue with FollowSymLinks and Apache](https://blog.hboeck.de/archives/873-The-tricky-security-issue-with-FollowSymLinks-and-Apache.html), [Security problems regarding +FollowSymLinks and -SymLinksIfOwnerMatch?](http://stackoverflow.com/questions/11444461/security-problems-regarding-followsymlinks-and-symlinksifownermatch). – Steffen Ullrich Sep 17 '16 at 09:48

1 Answers1

1

Since I do not know the technology on which you are working, Ill try to answer the questions in a generalized manner. Hope this will help. Answer to your above questions:

Is the above configuration bad by nature and something that I should never do under any conditions? - It depends on how much vulnerable you are to threats and attacks. That of course depends upon the reputation(daily visits) your website has.

Why it is bad to link my public_html to a folder files to a folder that is outside of it and specifically to the folder I mentioned above? - Because the link that you are using to join the public files to non-public files can be hijacked by adversaries to access your protected/non-public content.

How the said symlinks could be used against me and to take control of the root filesystem? - same as above

What are the extra requirements I should consider, in order to have the above setup working without being insecure? - You have to set up some seurity measure to make it sure only the trusted entities are gaining access to the protected space.

Penguine
  • 165
  • 6