Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_core_module.xml @ 436:3a9f39341c7c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Documented the "from" parameter of the "disable_symlinks" directive, and that read permissions on intermediate directories are no longer required on OSes that support opening directories for searching. - Improved documentation of $document_root and $realpath_root.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 29 Feb 2012 13:25:22 +0000
parents 2b9507b2cdf3
children b27974b92a58
comparison
equal deleted inserted replaced
435:338c5aa982f8 436:3a9f39341c7c
463 463
464 </directive> 464 </directive>
465 465
466 466
467 <directive name="disable_symlinks"> 467 <directive name="disable_symlinks">
468 <syntax><literal>off</literal></syntax>
468 <syntax> 469 <syntax>
469 <literal>on</literal> | 470 <literal>on</literal> |
470 <literal>off</literal> | 471 <literal>if_not_owner</literal>
471 <literal>if_not_owner</literal></syntax> 472 [<literal>from</literal>=<value>prefix</value>]</syntax>
472 <default>off</default> 473 <default>off</default>
473 <context>http</context> 474 <context>http</context>
474 <context>server</context> 475 <context>server</context>
475 <context>location</context> 476 <context>location</context>
476 <appeared-in>1.1.15</appeared-in> 477 <appeared-in>1.1.15</appeared-in>
477 478
478 <para> 479 <para>
479 Determines how nginx treats symbolic links when opening files: 480 Determines how symbolic links should be treated when opening files:
480 <list type="tag"> 481 <list type="tag">
481 482
482 <tag-name><literal>off</literal></tag-name> 483 <tag-name><literal>off</literal></tag-name>
483 <tag-desc> 484 <tag-desc>
484 Symbolic links in the pathname are not processed specially. 485 Symbolic links in the pathname are allowed and not checked.
485 This is the default behavior. 486 This is the default behavior.
486 </tag-desc> 487 </tag-desc>
487 488
488 <tag-name><literal>on</literal></tag-name> 489 <tag-name><literal>on</literal></tag-name>
489 <tag-desc> 490 <tag-desc>
496 Access to a file is denied if any component of the pathname 497 Access to a file is denied if any component of the pathname
497 is a symbolic link, and the link and object that the link 498 is a symbolic link, and the link and object that the link
498 points to have different owners. 499 points to have different owners.
499 </tag-desc> 500 </tag-desc>
500 501
502 <tag-name><literal>from</literal>=<value>prefix</value></tag-name>
503 <tag-desc>
504 When checking symbolic links
505 (parameters <literal>on</literal> and <literal>if_not_owner</literal>),
506 each component of the pathname is normally checked.
507 If however the
508 <literal>from</literal>=<value>prefix</value> is also given,
509 symbolic links are checked only from the component of the pathname
510 specified by <value>prefix</value>.
511 The <value>prefix</value> value can contain variables.
512 If a value is not a prefix of the checked pathname, the whole
513 pathname is checked as if this parameter was not specified at all.
514 </tag-desc>
515
501 </list> 516 </list>
517 </para>
518
519 <para>
520 Example:
521 <example>
522 disable_symlinks on from=$document_root;
523 </example>
502 </para> 524 </para>
503 525
504 <para> 526 <para>
505 This directive is only available on systems that have the 527 This directive is only available on systems that have the
506 <c-func>openat</c-func> and <c-func>fstatat</c-func> interfaces. 528 <c-func>openat</c-func> and <c-func>fstatat</c-func> interfaces.
508 </para> 530 </para>
509 531
510 <para> 532 <para>
511 Parameters <literal>on</literal> and <literal>if_not_owner</literal> 533 Parameters <literal>on</literal> and <literal>if_not_owner</literal>
512 add a processing overhead. 534 add a processing overhead.
513 Furthermore, 535 <note>
536 On systems that do not support opening directories for search only,
514 the use of these parameters requires that 537 the use of these parameters requires that
515 worker processes be able to read all intermediate 538 worker processes be able to read all intermediate
516 directories. 539 directories.
540 </note>
517 </para> 541 </para>
518 542
519 </directive> 543 </directive>
520 544
521 545
2563 the <value>name</value> cookie 2587 the <value>name</value> cookie
2564 </tag-desc> 2588 </tag-desc>
2565 2589
2566 <tag-name><var>$document_root</var></tag-name> 2590 <tag-name><var>$document_root</var></tag-name>
2567 <tag-desc> 2591 <tag-desc>
2568 <link id="root"/> directive's value for the current request 2592 <link id="root"/> or <link id="alias"/> directive's value
2593 for the current request
2569 </tag-desc> 2594 </tag-desc>
2570 2595
2571 <tag-name><var>$document_uri</var></tag-name> 2596 <tag-name><var>$document_uri</var></tag-name>
2572 <tag-desc> 2597 <tag-desc>
2573 same as <var>$uri</var> 2598 same as <var>$uri</var>
2622 same as <var>$args</var> 2647 same as <var>$args</var>
2623 </tag-desc> 2648 </tag-desc>
2624 2649
2625 <tag-name><var>$realpath_root</var></tag-name> 2650 <tag-name><var>$realpath_root</var></tag-name>
2626 <tag-desc> 2651 <tag-desc>
2627 <link id="root"/> directive's value 2652 an absolute pathname corresponding to the
2628 for the current request, with all symbolic links resolved to real paths 2653 <link id="root"/> or <link id="alias"/> directive's value
2654 for the current request,
2655 with all symbolic links resolved to real paths
2629 </tag-desc> 2656 </tag-desc>
2630 2657
2631 <tag-name><var>$remote_addr</var></tag-name> 2658 <tag-name><var>$remote_addr</var></tag-name>
2632 <tag-desc> 2659 <tag-desc>
2633 client address 2660 client address