Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 420759

Summary:	Cannot access symlink
Product:	[ECD] Orion	Reporter:	Paul Lesiecki <ntgdpl>
Component:	Server	Assignee:	Project Inbox <orion.server-inbox>
Status:	RESOLVED WORKSFORME	QA Contact:
Severity:	normal
Priority:	P3	CC:	ahunter.eclipse
Version:	4.0
Target Milestone:	---
Hardware:	PC
OS:	Linux
Whiteboard:

Description Paul Lesiecki

2013-10-30 16:44:42 EDT

Steps to reproduce:

1. configure the allowed local paths to /path1,/path2
2. launch orion and link folders for both server paths
3. create symlink to /path2 inside /path1 as /path1/linkToPath2
4. refresh navigator tree and navigate to folder linkToPath2 (subdirectory of one of the paths you supplied in Step 2)
5. notice notification "Forbidden: /user-OrionContent/path1/linkToPath2/"

Comment 1 Anthony Hunter

2013-10-30 17:47:38 EDT

(In reply to Missing name from comment #0)
> 5. notice notification "Forbidden: /user-OrionContent/path1/linkToPath2/"

This works as currently designed. We prevent the creation and execution against files and folders on the server that are symbolic links.

Comment 2 Paul Lesiecki

2013-10-31 06:16:40 EDT

Any explanation why is that?

Comment 3 John Arthorne

2013-10-31 11:54:15 EDT

It is disabled because of security risk. I could imagine allowing this for the admin specified paths but really the server storage location should be opaque for the end user - end user will not ever know absolute servers and so can't meaningfully use symlinks. Maybe you can describe the kind of scenario where you want this - is it a single user server running on localhost?

Comment 4 Paul Lesiecki

2013-11-04 05:09:00 EST

In my use case, I as admin, I want to allow end users (on prepared accounts) to edit only specific files (in only selected directories). 
Instead of adding each path to allowed paths I tried set only one allowed path and then inside that path I made symlinks to directories which I want give access to.