Many Virtual Hosts security problem with PHP
I have a machine with many virtual hosts. Some of the virtual hosts are
maintained by clients (we serve as web hosting company) and some are
The external accounts are loked out of the main fylesystem using proftpd
chroot feature and by having /dev/null as the shell.
My problem is that even that way users of the external group can use php's
fopen() to open other files. And in a php/mysql enviroment is not hard to
find files with database login/password. If i had lots of IP's i could run
several copies of apache each one on it's ip and one for each external
client, i would run it with the clients group and that way i could lock each
one out of the others account. The problem is that i dont have lots of ip's,
any ideas on how to solve this?
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org