Re: Chroot a virtual host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 On April 19, 2011 19:47 , "--[ UxBoD ]--" <uxbod@xxxxxxxxxxxx>  wrote:
I have noticed that when running Joomla, or in-fact any browsing capable PHP code, I am able to navigate above my virtual host document root and look at other virtual host files.

How would one stop this ? I have taken a look at mod_chroot but that does not seem to work as ChrootDir can only be used in the main configuration and not in the VirtualHost directive.

As an alternative to chroot, you could use privilege separation to achieve what you want, setting up each virtual host to execute PHP code as a different user from all other virtual hosts' users.

There are many ways to implement privilege separation, see http://wiki.apache.org/httpd/PrivilegeSeparation My favorite way is to use FastCGI, although I personally use mod_proxy_fcgi for this rather than mod_fcgid.

--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux