Re: Fastcgi or apache-mpm-itk?
Boris Pavlov wrote:
Thx for the reply Boris
>> Is there, in addition to itk, any solution for chrooting webspace
>> environments to make sure any (php) user would not have access
>> outside her htdocs directory?
>> An additonal plus woul be that you could shift around webspace
>> directories (read: failover ;-) without running into trouble because
>> stupid PHP scripts use hard-coded paths like say
>> /var/www/customerid/mydomain/htdocs/ somewhere?
> 1)the only 1000% secure way to separate two things is to separate them
> physically. but you may try grsec and apache chroots for something real,
> w/o complete virtualization.
What exactly do you mean with "apache chroots"? Is there any
particular Apache feature I'm missing? How exactly does that work
with Apache - wouldn't Apache/PHP miss the (system wide) dirs like
/usr/lib/php5 and libraries etc.?
> 2)look at mount -o bind /dir /otherdir
This would maybe help mapping in directories in failover state from
somewhere else but still, if customers use absolute paths like
/var/www/customerid/mydomain/htdocs/... I still might need to "fake"
the whole structure.
I'd prefer a way to let each customer (her PHP script, that is) see
only /www (on a per vhost basis) as it would be with chroot.
Cheers,
Norbert
Reply to: