On Thu, 2006-09-28 at 10:55 +0200, Aiko Barz wrote: > Hi *, > > I use OpenBSD+Apache+Chroot for my webservices. The users can access > their vhosts by using scponly, which is chrooted into /var/www as > well. > /htdocs/www.example.net belongs to theuser:www and has the > permissions rwxr-x---. > > The issue: If my users start to install a php-Filebrowser, they are > able to access the other Webdirectories and could read config.php, > because they are doing it with the permissions of the webserver. > Write access would be possible as well, since some parts need to have > write access.
Its extra work, but you could setup completely different chroots for each domain. This way each domain is isolated and you can tailor each one to the user's needs. Jamie Strandboge -- Anemone Computing http://www.anemonecomputing.com/
