chrooted php5-cgi in a non chrooted apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

actually I try to make my webserver-installation more secure. I've
something in mind, but don't know if it is possible and if so, how to do
it ;-)

Actually I have the following config:

Directory-Structure:

/var/www
  domain1
    conf
    cgi-bin
    web
      htdocs
      logs
  domain2


I've installed mod_fastcgi in apache and uses suexec.
In each /var/www/domainx/cgi-bin I have a php-fcgi-starter-file, which
starts /usr/bin/php5-cgi.

Actually I see the following problem: I can run each "domain" under a
different user, but the developer within each "domain" can program
php-code to at least VIEW a lot of other things outside the
domain-directory.

Now I thought about the following:
If I can create a chroot-jail within /var/www/domainx/web and let
php5-cgi be executed within this chroot-jail, the developers would only
see there own directory structure like
var/www/domain1/web
  etc
  bin
  usr
  home

What I've get so far is, that I've created a chroot jail within the
web-directory. I can chroot to there and execute php (I used "jailer",
for this).

But I don't get it to work that mod_fastcgi starts the chroot-jail.

I googled a lot, but only found howtos and tutorials how to put the
complete apache into a jail, but this is not what I want. Each domain
have to be in its own jail.

Can someone help me / point me in the right direction?


Thanks in advance

Joerg Schoppet

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux