Re: Apache Virtual Hosts Chroot ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
You may find useful the apache's suEXEC wrapper, it can be configured to be
used inside a virtualhost...
http://httpd.apache.org/docs/suexec.html
This won't work with php scripts if you have mod_php.so loaded ( the php
interpreter will run as apache user ) but if load is not the problem you can
run php scripts as cgis using php4 as external handler.. ( maybe only in the
locations that user's php scripts could be dangerous )
have a look at:
http://www-pat.fnal.gov/cern/mipsabi.html
and:
http://www.psoft.net/HSdocumentation/sysadmin/php_installation.html
Just my two cents
Victor
On Tuesday 25 February 2003 10:15, debian-isp wrote:
> Hi all !
>
> I am just asking myself how to secure our webserver with a couple of
> virtual hosts. Currently we have a large installation of typo3 running. It
> has a feature called fileadmin with which you can easily upload files. As
> it is thereby possible to upload php scripts and execute via the browser it
> is to my opionion possible to access other users files. As the webserver
> and the files all have the same user, needed by the system. Is there a way
> to secure this:
>
> - chrooting virtual hosts in apache ?
> - running multiple instances of apache
> - some kind of security system with users and groups
> - using directory settings ?
>
> Any ideas
>
> __________________________________________________________
> Nik Engel NETWAYS GmbH
> Senior Systems Engineer Deutschherrnstr. 47a
> Fon.0911/92885-13 D-90429 Nürnberg
> Fax.0911/92885-33
> nengel@netways.de www.netways.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+W1WNEzqHF8R72ekRAuhgAJ9Lnjc09t4RX/VHzggFsH1untbz7ACfTYwN
t4rVOUI/OhUAJXLMifICoWo=
=de0N
-----END PGP SIGNATURE-----
Reply to: