Regression in D8.0: Add Option +SymLinksIfOwnerMatch to .htaccess

Created on 29 November 2015, about 9 years ago
Updated 5 February 2024, 11 months ago

In issue #1269780 β†’ , currently titled "Remove symlinks option from .htaccess" it was decided after lengthy discussion to remove the "Option +FollowSymLinks" from the .htaccess file, which was present in D6 and D7 versions. This has caused a regression for a different group of users in D8.

The original change was made to accommodate shared hosting providers, many of which now require SymLinksIfOwnerMatch instead of FollowSymLinks, to suit their security concerns.

This has caused a regression in at least one major Linux distribution, OpenSuse, which will not allow the D8 installer to run without one of the SymLinks options present in .htaccess - either FollowSymLinks or SymLinksIfOwnerMatch.

The error messages produced on screen in the original problem with FollowSymLinks and in this regression with neither option are very unhelpful and risk putting off newcomers to Drupal, and wasting considerable time of those who should know better. The messages logged in the system log are correct and helpful, but the onscreen messages do not lead there easily.

We now have three possibilities for the symlink option at initial installation:

  • +FollowSymLinks - This will prevent numerous people on shared hosting from installing
  • +SymLinksIfOwnerMatch - I don't think we have found anyone who cannot do the initial install with this option

Changes made to .htaccess are overwritten by version updates, which can be a problem in many different situations, so that updating, as opposed to installation, is a slightly different problem. In the previous issue it was established that only a very few people with complex setups will need +FollowSymLinks. They are likely to be expert users who can look after their own versions of .htaccess and backup / restore as needed when updating core. It is really disheartening to less skilled users to have severe errors when installing the bare application and we should prevent that happening. At present we only know of OpenSuse causing problems but it is too early in D8's release to know that others will not affected.

We should use +SymLinksIfOwnerMatch in the supplied version of .htaccess and alter documentation to suit.

πŸ› Bug report
Status

Closed: works as designed

Version

11.0 πŸ”₯

Component
BaseΒ  β†’

Last updated 1 day ago

Created by

πŸ‡¬πŸ‡§United Kingdom AFowle

Live updates comments and jobs are added and updated live.
  • Needs backport to D7

    After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡ΈUnited States papagrande US West Coast

    Is this still a problem in Drupal 10? With no comment for four years, it would seem folks are working with the current settings.

    If not, please add steps to reproduce including operating system and versions.

    Bumping the priority down because of the lack of comment or progress.

  • Status changed to Closed: works as designed 11 months ago
  • πŸ‡³πŸ‡ΏNew Zealand quietone

    @AFowle, thanks for making this issue to improve Drupal core.

    There has been no discussion here for 5 years, except to ask for more information 4 months ago. Since that has not been supplied it is time to close this.

    Thanks everyone!

Production build 0.71.5 2024