[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Light weight IDSes and then some

George P Boutwell on 2005-07-14 18:02:40 -0500:

> > > 2) Apache & or cgi-bins I use, where the cause of my closest to being
> > > compromised situations.  If I set-up Apache, PHP, cgis, etc in a
> > > chroot jail, how can I still provide and /~username/ type set-up, as I
> > > have at least 2 situations where I rely heavily on that?  As near as I
> > > can tell this is not covered in any of the Apache chroot information
> > > I've read.
> > I don't really see the problem with /~username/ in a chroot
> > environment. You can
> > loopback mount if you need those homes somewhere else as well.
> Well.. Currently if I add a user, say user1...  He gest an public_html
> directory added to his /home/user1 directory.  If he set-up an index
> file of some kind in that directory the url http://myserver/~user1/
> gives him that index file...  How could I still provide ~/public_html
> directory in users 'home' and still have Apache serve it up from a
> chroot?

OpenBSD places all of the user's public_html directories under the
Apache chroot.  I've found it no hassle to put a symlink in the user's
directory, but then again I wasn't doing quotas.

Attachment: pgpfiUhQ_5HTB.pgp
Description: PGP signature

Reply to: