[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keeping the webserver safe

Rico Secada wrote:

I have a webserver running with a couple of users as virtual hosts in
I read this article from IBM
(look for "Guard your filesystem") and testet the PHP script on an Etch
installation, and the script serves files such as /etc/passwd and

What is the best and correct way to protect the server from users who
might upload such a script on their web directory?

How can there be any way? If you allow users to upload executable scripts, you might as well give them ssh access and be done with it. You must enforce file create permissions on the upload system (ftp or whatever) which do not include 'execute' for any user or group.

Commercial web servers which offer scripting *do* normally also offer ssh access, but what the user has access to is only a virtual machine, not shared with anyone else. Chroot is nowhere near enough.

Reply to: