Re: Apache Virtual Hosts Chroot ?
I think you can setup chrooted logins for uploading files: your chroot
will run sshd (proftpd?) and users will have their homes in chroot to.
Play with home directory permisions so they have no possibility access
files they don't own.
Another way is let people upload files to other location than your
chroot. So users will upload files, and your script every 5 min. will
copy files to right location on your chroot. But then you need "smart"
script which will not copy files in time of upload, I mean you need some
lock-file system.
Regards,
Martynas
An, 2003-02-25 11:15, debian-isp rašė:
> Hi all !
>
> I am just asking myself how to secure our webserver with a couple of virtual hosts.
> Currently we have a large installation of typo3 running. It has a feature called fileadmin with which you can easily upload files. As it is thereby possible to upload php scripts and execute via the browser it is to my opionion possible to access other users files. As the webserver and the files all have the same user, needed by the system.
> Is there a way to secure this:
>
> - chrooting virtual hosts in apache ?
> - running multiple instances of apache
> - some kind of security system with users and groups
> - using directory settings ?
>
> Any ideas
>
> __________________________________________________________
> Nik Engel NETWAYS GmbH
> Senior Systems Engineer Deutschherrnstr. 47a
> Fon.0911/92885-13 D-90429 Nürnberg
> Fax.0911/92885-33
> nengel@netways.de www.netways.de
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: