Hi, no more tips for this problem? Joerg Schoppet Joerg Schoppet wrote: > Hi, > > actually I try to make my webserver-installation more secure. I've > something in mind, but don't know if it is possible and if so, how to do > it ;-) > > Actually I have the following config: > > Directory-Structure: > > /var/www > domain1 > conf > cgi-bin > web > htdocs > logs > domain2 > > > I've installed mod_fastcgi in apache and uses suexec. > In each /var/www/domainx/cgi-bin I have a php-fcgi-starter-file, which > starts /usr/bin/php5-cgi. > > Actually I see the following problem: I can run each "domain" under a > different user, but the developer within each "domain" can program > php-code to at least VIEW a lot of other things outside the > domain-directory. > > Now I thought about the following: > If I can create a chroot-jail within /var/www/domainx/web and let > php5-cgi be executed within this chroot-jail, the developers would only > see there own directory structure like > var/www/domain1/web > etc > bin > usr > home > > What I've get so far is, that I've created a chroot jail within the > web-directory. I can chroot to there and execute php (I used "jailer", > for this). > > But I don't get it to work that mod_fastcgi starts the chroot-jail. > > I googled a lot, but only found howtos and tutorials how to put the > complete apache into a jail, but this is not what I want. Each domain > have to be in its own jail. > > Can someone help me / point me in the right direction? > > > Thanks in advance > > Joerg Schoppet -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
