> > > > Uhm, is it fine ? > > use -l option to copy symlinks (unless you don't want them for a reason). > > Sure, and then if someone breaks into taz and puts a symlink "foo -> /" > then rsync will copy it... which is fine for chroot'd ftpds. But if you > also serve that filespace via a non-chrooted httpd, then you could be > opening yourself up to something you don't want. > > Dean >
Yes, any solution to this ? Perhaps areas being mirrored shouldn't have symlinks in the first place, and then the mirror process (be it mirror, rsync or whatever) should not copy symlinks, assuming they shouldn't exist in the origin server ? This seems a more general issue about mirrors accessible outside chroot env, though. we are running hundreds of mirrors, and most of them use symlinks internally, so we cannot ignore this. On the other hand, we make them all accessible with httpd that follows symlinks. We are being quite naive here :-( --w
