Mercurial > hg > nginx-site

diff xml/en/docs/http/ngx_http_core_module.xml @ 436:3a9f39341c7c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Documented the "from" parameter of the "disable_symlinks" directive, and that read permissions on intermediate directories are no longer required on OSes that support opening directories for searching. - Improved documentation of $document_root and $realpath_root.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 29 Feb 2012 13:25:22 +0000
parents 2b9507b2cdf3
children b27974b92a58
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_core_module.xml	Wed Feb 29 10:56:18 2012 +0000
+++ b/xml/en/docs/http/ngx_http_core_module.xml	Wed Feb 29 13:25:22 2012 +0000
@@ -465,10 +465,11 @@
 
 
 <directive name="disable_symlinks">
+<syntax><literal>off</literal></syntax>
 <syntax>
     <literal>on</literal> |
-    <literal>off</literal> |
-    <literal>if_not_owner</literal></syntax>
+    <literal>if_not_owner</literal>
+    [<literal>from</literal>=<value>prefix</value>]</syntax>
 <default>off</default>
 <context>http</context>
 <context>server</context>
@@ -476,12 +477,12 @@
 <appeared-in>1.1.15</appeared-in>
 
 <para>
-Determines how nginx treats symbolic links when opening files:
+Determines how symbolic links should be treated when opening files:
 <list type="tag">
 
 <tag-name><literal>off</literal></tag-name>
 <tag-desc>
-Symbolic links in the pathname are not processed specially.
+Symbolic links in the pathname are allowed and not checked.
 This is the default behavior.
 </tag-desc>
 
@@ -498,10 +499,31 @@
 points to have different owners.
 </tag-desc>
 
+<tag-name><literal>from</literal>=<value>prefix</value></tag-name>
+<tag-desc>
+When checking symbolic links
+(parameters <literal>on</literal> and <literal>if_not_owner</literal>),
+each component of the pathname is normally checked.
+If however the
+<literal>from</literal>=<value>prefix</value> is also given,
+symbolic links are checked only from the component of the pathname
+specified by <value>prefix</value>.
+The <value>prefix</value> value can contain variables.
+If a value is not a prefix of the checked pathname, the whole
+pathname is checked as if this parameter was not specified at all.
+</tag-desc>
+
 </list>
 </para>
 
 <para>
+Example:
+<example>
+disable_symlinks on from=$document_root;
+</example>
+</para>
+
+<para>
 This directive is only available on systems that have the
 <c-func>openat</c-func> and <c-func>fstatat</c-func> interfaces.
 This includes modern versions of FreeBSD, Linux, and Solaris.
@@ -510,10 +532,12 @@
 <para>
 Parameters <literal>on</literal> and <literal>if_not_owner</literal>
 add a processing overhead.
-Furthermore,
+<note>
+On systems that do not support opening directories for search only,
 the use of these parameters requires that
 worker processes be able to read all intermediate
 directories.
+</note>
 </para>
 
 </directive>
@@ -2565,7 +2589,8 @@
 
 <tag-name><var>$document_root</var></tag-name>
 <tag-desc>
-<link id="root"/> directive's value for the current request
+<link id="root"/> or <link id="alias"/> directive's value
+for the current request
 </tag-desc>
 
 <tag-name><var>$document_uri</var></tag-name>
@@ -2624,8 +2649,10 @@
 
 <tag-name><var>$realpath_root</var></tag-name>
 <tag-desc>
-<link id="root"/> directive's value
-for the current request, with all symbolic links resolved to real paths
+an absolute pathname corresponding to the
+<link id="root"/> or <link id="alias"/> directive's value
+for the current request,
+with all symbolic links resolved to real paths
 </tag-desc>
 
 <tag-name><var>$remote_addr</var></tag-name>