Regression in D8.0: Add Option +SymLinksIfOwnerMatch to .htaccess

Created on 29 November 2015, almost 9 years ago

Updated 5 February 2024, 10 months ago

In issue #1269780 → , currently titled "Remove symlinks option from .htaccess" it was decided after lengthy discussion to remove the "Option +FollowSymLinks" from the .htaccess file, which was present in D6 and D7 versions. This has caused a regression for a different group of users in D8.

The original change was made to accommodate shared hosting providers, many of which now require SymLinksIfOwnerMatch instead of FollowSymLinks, to suit their security concerns.

This has caused a regression in at least one major Linux distribution, OpenSuse, which will not allow the D8 installer to run without one of the SymLinks options present in .htaccess - either FollowSymLinks or SymLinksIfOwnerMatch.

The error messages produced on screen in the original problem with FollowSymLinks and in this regression with neither option are very unhelpful and risk putting off newcomers to Drupal, and wasting considerable time of those who should know better. The messages logged in the system log are correct and helpful, but the onscreen messages do not lead there easily.

We now have three possibilities for the symlink option at initial installation:

+FollowSymLinks - This will prevent numerous people on shared hosting from installing
+SymLinksIfOwnerMatch - I don't think we have found anyone who cannot do the initial install with this option

Changes made to .htaccess are overwritten by version updates, which can be a problem in many different situations, so that updating, as opposed to installation, is a slightly different problem. In the previous issue it was established that only a very few people with complex setups will need +FollowSymLinks. They are likely to be expert users who can look after their own versions of .htaccess and backup / restore as needed when updating core. It is really disheartening to less skilled users to have severe errors when installing the bare application and we should prevent that happening. At present we only know of OpenSuse causing problems but it is too early in D8's release to know that others will not affected.

We should use +SymLinksIfOwnerMatch in the supplied version of .htaccess and alter documentation to suit.

🐛 Bug report

Status

Closed: works as designed

Version

11.0 🔥

Component

Base →

Last updated about 4 hours ago

Maintained by
🇺🇸United States @effulgentsia
🇬🇧United Kingdom @catch
🇬🇧United Kingdom @alexpott
🇦🇺Australia @larowlan
🇺🇸United States @bnjmnm
🇫🇷France @nod_
🇪🇸Spain @ckrina
🇬🇧United Kingdom @justafish

Created by

🇬🇧United Kingdom AFowle

Live updates comments and jobs are added and updated live.

core

.htaccess

Needs backport to D7
After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.

Bug Smash Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
🇺🇸United States papagrande US West Coast
Is this still a problem in Drupal 10? With no comment for four years, it would seem folks are working with the current settings.

If not, please add steps to reproduce including operating system and versions.

Bumping the priority down because of the lack of comment or progress.
Status changed to Closed: works as designed 10 months ago2:03am 5 February 2024
Comment 10 months ago →
🇳🇿New Zealand quietone
@AFowle, thanks for making this issue to improve Drupal core.

There has been no discussion here for 5 years, except to ask for more information 4 months ago. Since that has not been supplied it is time to close this.

Thanks everyone!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024