Re: Apache User Isolation/Perchild, or PHP "chroot"?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Has anyone set up any form of apache user isolation on CentOS? I have
multiple virtual hosts on my machine, run by users who do not trust
eachother. The problem is that any php script run by apache is able to do
things like raw file io on other users' .htpasswds, php scripts, hidden
directory listings, and so on. Database passwords can even be divulged in
this way, since they are often stored in .php scripts, which can be read
"in the raw" as files by other php scripts.

What is the easiest method for dealing with this? I found
http://webauth.stanford.edu/manual/mod/perchild.html but it does not seem
to be compiled with the CentOS 5 apache, and I've read elsewhere that php
has issues with mutlithreaded apache. Is there any easy way to isolate
individual users, by either having apache setuid, or chrooting php
scripts, or (ugh) a clean way to run a new apache copy for each vhost?

There are a few links here discussing these issues. I have read them, but not implemented them.

<http://www.linode.com/forums/viewtopic.php?t=2723>

Barry
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux