On Thu, 28 Sep 2006, James Strandboge wrote:
> On Thu, 2006-09-28 at 10:55 +0200, Aiko Barz wrote:
> > Hi *,
> >
> > I use OpenBSD+Apache+Chroot for my webservices. The users can access
> > their vhosts by using scponly, which is chrooted into /var/www as
> > well.
> > /htdocs/www.example.net belongs to theuser:www and has the
> > permissions rwxr-x---.
> >
> > The issue: If my users start to install a php-Filebrowser, they are
> > able to access the other Webdirectories and could read config.php,
> > because they are doing it with the permissions of the webserver.
> > Write access would be possible as well, since some parts need to have
> > write access.
> ftpchroot works well - chroot'ing to the user's home directory.

You should have scponly chroot'd to the USER's directory, not Apache's directory.

Lee