Re: Keeping the webserver safe
>From what I understand, /etc/passwd has to be world readable. If I'm
wrong, correct me please. If it's world readable, anyone can read it
unless you use a chroot or use OS containers like OpenVZ (they'd still
see the file, but it just wouldn't be the whole server's file).
On Sun, Oct 5, 2008 at 1:27 PM, Rico Secada <email@example.com> wrote:
> I have a webserver running with a couple of users as virtual hosts in
> I read this article from IBM
> (look for "Guard your filesystem") and testet the PHP script on an Etch
> installation, and the script serves files such as /etc/passwd and
> What is the best and correct way to protect the server from users who
> might upload such a script on their web directory?
> I don't want to run Apache in a chroot.
> Best regards.
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org