At 09:14 AM 5/20/2006, you wrote:

On 20 May 2006, at 00:44, Stuart Henderson wrote:

> move the files under /var/www, and nfs mount to 127.0.0.1 back
> into the homes? you probably want to look at amd for this.
> of course the ftpd could sit on another machine if you want.

This means that I'd need an nfs mount point for each website running
on that machine (a lot more than 80), and it would also require the use of nfs.

> moving the whole homes under /var/www is simpler and presumably
> more robust, of course... and hey, it's only 80.

Which defeats the object of what I'm trying to achieve; users'
websites (and only their websites) are inside the apache chroot, so
in the event of a php or apache exploit, only their websites are
exposed, not their entire home directory or Maildir.

Something's got to give here. I suspect that I'm going to have to
un-chroot the ftp daemon.  Is there an ftpd somewhere that can prevent
users from looking at certain directories? For example, I would like
to limit access only to /home/username and /var/www/home/username in
ftpd, and prevent access to places like /etc, /usr/local, and so on.

Gaby


I use Pro FTP to chroot users to their home directories. See http://www.proftpd.org/
