New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Breaks if path is behind as symlink and the symlink is changed #47
Comments
Can you please provide the version that you are using and the os in order to try to reproduce it? |
I assume that you are changing the root dir which is a symlink right ? |
Yes. root@you:/tmp/tmp.pjklPfxOlR# mkdir one
root@you:/tmp/tmp.pjklPfxOlR# ln -s one root
root@you:/tmp/tmp.pjklPfxOlR# date >one/a Which looks like:
if I run the image as:
In the logs, when doing
Even if --root is pointing at If I remove This is with: 1.17.1-alpine |
Ok, the behavior of "pointing always to the root dir " is expected for this server. Even if your symlinked root is changed later on, you will always get the path what was assigned first. However a workaround could be to try to symlink your content only (inside the root) but not the root itself. Anyway If you can propose some alternative of solution for your use case please let me know I open to discuss. I'm going to close this issue since it's not a bug. |
But the path I gave it is
Sure, I buy a good security argument, but I don't see this one as being a good one. If anything, the default behaviour on nginx is the completely the opposite. It permits the root to be a symlink, but does not follow symlinks within the root, unless there is a special directive in the server block permitting that. That is because attackers can manipulate files within the root, but not outside of the root, hence by definition cannot change what the root symlink points to.
If this is intentional, can you point me where this intention happens? Don't want to sound offensive, but it feels like you are not sure why/where this happens, and it's easier to just shrug it off as "not-a-bug". For the record, I've already moved on to using nginx which solves my issue, but I am still going to fight my ground here, as I believe the arguments are quite weak and conclusion is wrong, based on what other web servers do. |
I understand your point more clear now regarding the symlink for the root, but as I told you, it's not because I want to avoid your use case is because the server always resolves root and assets dirs that includes symlinks. That's why I labeled this issue as "is not a bug". Regarding the label, closing the issue doesn't mean nothing since I can easily reopen it if necessary.
So to clarify again, the server always resolves the root and assets dir paths to its absolutely paths and that includes symlinks that's why your surprise. |
I understand what the server does, it's clear from the logs. I think I even know which part of the code triggers this behaviour. I don't understand why it does that and what it tries to achieve be doing that. |
The reason is "simple", convenience across platforms. |
I still don't follow how resolving at startup is beneficial/better than resolving at request time? Please, do not say performance, because it's exactly one extra syscall querying a data structure that is already in memory. I don't see how preventing usage of features of the filesystem is a convenience, and why "across platforms" is relevant here, given usage (not creation) of symlinks is identical across all of them. Can you give a scenario where this (pre-resolving symlinks at startup, but for the root and nothing else) makes it convenient, or a scenario where doing that would be in inconvenient? |
First, for the most common cases that I have seen using a web server to serving static files I have never seen a server with dynamic root path at request time. I see that use case personally rare, even so, your use case for example can be addressed conditioning your content under the root. Second, I never has said that this server approach is better, but you are claiming that.
Please provide an example or even better, code if you can.
Honestly I don't care about it, since the "overhead" resolving the root or assets paths is insignificant and all this happens at startup time.
This is clearly a fallacy ad hominem since I have repeated myself comments above that if you provide me enough details in a separate issue we can discuss it and why not to consider to conditioning the current approach.
First, I take it again from the comment above: The escenario is to have a path (either relative or symlink) resolved (with all intermediate components normalized and symbolic links resolved). It means a path with no dependencies. That is a path that exist by its own: absolute path. For "symlinks being an inconvenience", you are claiming about it. |
I am not sure what you mean by dynamic, but nginx, apache, lighttpd all support being pointed to a symlink as the content root, and trust the operating system to re-resolve the symlink on every request. The only reason I dislike using them is that configuring them requires an actual config file, oppose to just command line parameters. I've opened this issue specifically for the issue/use case being discussed here, hence I don't trust that raising another one, repeating the same content explaining what use case doesn't work, will suddenly resolve this. Given we are getting nowhere, and in order to save both of our time, I think we can consider this "resolved". Thanks for your time, and good luck. |
Thanks also for the discussion. |
Just FYI or future people interesting in this. |
I am trying to use this in conjunction with https://github.com/kubernetes/git-sync
Namely, I've got a k8s pod that has 2 containers, git-sync and your image.
I've got a shared emptyDir volume shared between the two.
The way git-sync works is:
It checks out the revision under
rev-<hash>
, and creates a symlinkname-of-repo -> rev-<hash>
.And then periodically checks for new changes, checks out new
rev-<hash>
and repoints the symlink.I am pointing your image to serve
name-of-repo/config
, and initially it works, but I observe that once git-sync checks out a new revision, your image starts returning 404s.I am no rust expert, but I believe as you wire your server up, you are probably resolving the symlink to a real path along the way, hence prevent any serving of files once the symlink is changed.
The text was updated successfully, but these errors were encountered: