Re: Apache Virtual Hosts Chroot ?
-----BEGIN PGP SIGNED MESSAGE-----
You may find useful the apache's suEXEC wrapper, it can be configured to be
used inside a virtualhost...
This won't work with php scripts if you have mod_php.so loaded ( the php
interpreter will run as apache user ) but if load is not the problem you can
run php scripts as cgis using php4 as external handler.. ( maybe only in the
locations that user's php scripts could be dangerous )
have a look at:
Just my two cents
On Tuesday 25 February 2003 10:15, debian-isp wrote:
> Hi all !
> I am just asking myself how to secure our webserver with a couple of
> virtual hosts. Currently we have a large installation of typo3 running. It
> has a feature called fileadmin with which you can easily upload files. As
> it is thereby possible to upload php scripts and execute via the browser it
> is to my opionion possible to access other users files. As the webserver
> and the files all have the same user, needed by the system. Is there a way
> to secure this:
> - chrooting virtual hosts in apache ?
> - running multiple instances of apache
> - some kind of security system with users and groups
> - using directory settings ?
> Any ideas
> Nik Engel NETWAYS GmbH
> Senior Systems Engineer Deutschherrnstr. 47a
> Fon.0911/92885-13 D-90429 Nürnberg
> email@example.com www.netways.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----