I'm experiencing difficulties using apache in the following environment. Is there any good solution that would solve the security problems? Server version: Apache/2.2.2 Server built: May 14 2006 18:14:53 PHP 5.1.4 (cli) (built: May 5 2006 19:14:55) Virtual users are stored under /home/web/domain.tld/username where users have access to their directory using a ftpd with virtual accounts. All files and directories are owned by a single system uid/gid. Now, using this setup, users can access files and directories outside their own home using php, this is something that I really need to prevent. I'd like to chroot/jail them to their own directory. I could run a config parser and set up <Directory> settings for each users having php_admin_value set for open_basedir. But that seems to be a bit much. Is there any other way to approach this problem? Mattias Segerdahl EMS IT- & Säkerhetslösningar Påskbergatan 10, 41268 Göteborg Telephone: +46-31-7034120 Cellular: +46-735-867626 Fax: +46-735-867626 Vi ber dig lägga märke till att detta e-postmeddelande kan innehålla konfidentiell information. Om du felaktigt blivit mottagare av detta meddelande, ber vi dig informera avsändaren om felet genom att använda svar-funktionen. Vi ber dig också att radera e-postmeddelandet utan att skicka det vidare eller kopiera det. Trots att vi intygar att e-postmeddelandet och eventuella bilagor inte innehåller virus och andra fel som kan påverka datorn eller IT-systemet där det mottages och läses, öppnas det på mottagarens eget ansvar. Vi tar inte på oss något ansvar för förlust eller skada, som har uppstått i samband med att e-postmeddelandet mottagits och använts. Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|