Hello, all -Doing some research into tightening security down on Apache for untrusted users, I've come up with a few questions.
Apache's suEXEC functions look pretty neat. But it sounds as if this only protects executables (hence the name, suEXEC), and not the actual child processes that Apache starts. This is fine, but not exactly what I'm looking for.
Ultimately, I'd like to have each VirtualHost run as a seperate user, and then from there I can restrict access based on user privileges, rather than doing this through Apache.
There's also the jail, but for this situation, wouldn't quite work for a number of reasons.
If there's anything remotely close to what I'm thinking about, can someone please bounce back a message to the list and tell me a bit about it? If I'm wrong about how suEXEC works, can you please correct me on that, as well? Would you mind giving some details as to how you would secure Apache for hosting for untrusted users?
Thanks! -dant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|