Performance & Security Factors of Symbolic Links – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.
But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, ubuntu, symbolic-link, symlink, .
I am thinking about rolling out a very stripped down version of release management for some PHP apps I have running.
Essentially the plan is to store each release in /home/release/1.x etc (exported from a tag in SVN) and then do a symlink to /live_folder and change the document root in the apache config.
I don’t have a problem with setting all this up (I’ve actually got it working at the moment), however I’m a developer with just basic knowledge of the server admin side of things.
Is there anything I need to be aware of from a security or performance perspective when using this method of release management?
If you are really worried about the performance issue (minimal) of a symlink, then you could always use a bind mount instead. You also, will not have any of the security implications either. A bind-mount is basically a symlink that exists purely at the kernel level.
But you probably shouldn’t really be worrying about the performance aspect unless you have proof that it is a real issue.
Also, actually enabling symlinks in Apache actually improves performance in some cases, because some filesystem checks are removed. Unless you have a reason to have it disabled, you probably want FollowSymLinks on.
See the performance tuning section about symlinks in the Apache docs. http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#symlinks
FollowSymLinks and SymLinksIfOwnerMatch
Wherever in your
URL-space you do not have an Options
FollowSymLinks, or you do have an
Options SymLinksIfOwnerMatch Apache
will have to issue extra system calls
to check up on symlinks. One extra
call per filename component.
The security implications of FollowSymLinks tend to be all centered around permitting non-trusted users the ability to create files. If you are on a shared server, if you permit non-trusted users to write to the filesystem, or if you have any bugs in any hosted webapps, then a hostile user could be create a symlink to a file that wouldn’t normally be available via the web server. They could display it, or if your permissions are really bad, and you have a buggy webapp, then a symlink could permit modifications. On a system that is well locked down this shouldn’t be that much of an issue. If you have any directories where you permit store user-supplied content, you should disable symlink following there.
a single symlink to correct directory won’t hurt performance at all, because it will be cached by VFS.
As for security considerations, you might need to enable symlink following in your server, which could become a concern. The first thing to do would be to disable symlink following other than application directory link. However, I think it’s better to have a proper, full security solution that ensures that all applications only have the permissions they need – you could for example run your PHP applications under their own user accounts, with FastCGI.
Symlinks hurt performance, in that the disk has to seek to two places (or more, if there are multiple links to follow) to read a file. Other than that, it shouldn’t be an issue. I’m not aware of any security implications…