Hi,
actually I try to make my webserver-installation more secure. I've
something in mind, but don't know if it is possible and if so, how to do
it ;-)
Actually I have the following config:
Directory-Structure:
/var/www
domain1
conf
cgi-bin
web
htdocs
logs
domain2
I've installed mod_fastcgi in apache and uses suexec.
In each /var/www/domainx/cgi-bin I have a php-fcgi-starter-file, which
starts /usr/bin/php5-cgi.
Actually I see the following problem: I can run each "domain" under a
different user, but the developer within each "domain" can program
php-code to at least VIEW a lot of other things outside the
domain-directory.
Now I thought about the following:
If I can create a chroot-jail within /var/www/domainx/web and let
php5-cgi be executed within this chroot-jail, the developers would only
see there own directory structure like
var/www/domain1/web
etc
bin
usr
home
What I've get so far is, that I've created a chroot jail within the
web-directory. I can chroot to there and execute php (I used "jailer",
for this).
But I don't get it to work that mod_fastcgi starts the chroot-jail.
I googled a lot, but only found howtos and tutorials how to put the
complete apache into a jail, but this is not what I want. Each domain
have to be in its own jail.
Can someone help me / point me in the right direction?
Thanks in advance
Joerg Schoppet
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
