Maybe the Apache mailing list is a better place to ask.
http://httpd.apache.org/userslist.html
//frank
16 nov 2007 kl. 12.20 skrev Joerg Schoppet:
Hi,
no more tips for this problem?
Joerg Schoppet
Joerg Schoppet wrote:
Hi,
actually I try to make my webserver-installation more secure. I've
something in mind, but don't know if it is possible and if so, how
to do
it ;-)
Actually I have the following config:
Directory-Structure:
/var/www
domain1
conf
cgi-bin
web
htdocs
logs
domain2
I've installed mod_fastcgi in apache and uses suexec.
In each /var/www/domainx/cgi-bin I have a php-fcgi-starter-file,
which
starts /usr/bin/php5-cgi.
Actually I see the following problem: I can run each "domain" under a
different user, but the developer within each "domain" can program
php-code to at least VIEW a lot of other things outside the
domain-directory.
Now I thought about the following:
If I can create a chroot-jail within /var/www/domainx/web and let
php5-cgi be executed within this chroot-jail, the developers would
only
see there own directory structure like
var/www/domain1/web
etc
bin
usr
home
What I've get so far is, that I've created a chroot jail within the
web-directory. I can chroot to there and execute php (I used
"jailer",
for this).
But I don't get it to work that mod_fastcgi starts the chroot-jail.
I googled a lot, but only found howtos and tutorials how to put the
complete apache into a jail, but this is not what I want. Each domain
have to be in its own jail.
Can someone help me / point me in the right direction?
Thanks in advance
Joerg Schoppet
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
