[EMAIL PROTECTED] Apache 2.2 security concern

2007-05-11 Thread Sam Lavitt
I am wondering if apache 2.2 has a means to prevent a user with a site hosted on the server, from accessing another user's files. (e.g. I have /hosting/user1, and I don't want him to be able to run a script to open /hosting/user2/password-file) I read someplace that there was a mpm for apache

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-11 Thread j k
On 5/11/07, Sam Lavitt <[EMAIL PROTECTED]> wrote: I am wondering if apache 2.2 has a means to prevent a user with a site hosted on the server, from accessing another user's files. (e.g. I have /hosting/user1, and I don't want him to be able to run a script to open /hosting/user2/password-file)

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Nick Kew
On Fri, 11 May 2007 23:01:12 -0500 Sam Lavitt <[EMAIL PROTECTED]> wrote: > I am wondering if apache 2.2 has a means to prevent a user with a > site hosted on the server, from accessing another user's files. That's the operating system's business. > (e.g. > I have /hosting/user1, and I don

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Sam Lavitt
Nick Kew wrote: On Fri, 11 May 2007 23:01:12 -0500 Sam Lavitt <[EMAIL PROTECTED]> wrote: I am wondering if apache 2.2 has a means to prevent a user with a site hosted on the server, from accessing another user's files. That's the operating system's business. (e.g. I hav

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Jaqui Greenlees
--- Sam Lavitt <[EMAIL PROTECTED]> wrote: > Sorry for my lack of clarity and experience, I came > here looking for > advice and help. This we do understand :) > Based on my research, suexec only works for SSI and > CGI, so it would be > pointless for providing security with php, and doing > m

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Nick Kew
On Sat, 12 May 2007 05:00:24 -0400 (EDT) Jaqui Greenlees <[EMAIL PROTECTED]> wrote: > > pointless for providing security with php, and doing security with php is an oxymoron ... > > mass-hosting, php > > is something in pretty common use. > Yes, PHP is very commonly used. > No, suexec does not

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread The Gaijin
> >Sam Lavitt <[EMAIL PROTECTED]> wrote: > >>I am wondering if apache 2.2 has a means to prevent a user with a > >>site hosted on the server, from accessing another user's files. Sam - This might be a possible solution: http://www.telana.com/peruser.php I haven't used it, and the a

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread andrew fong
Based on my research, suexec only works for SSI and CGI, so it would be pointless for providing security with php, and doing mass-hosting, php is something in pretty common use. And I am sorry, I mis-spoke, the mpm was mpm_perchild for apache 2.0, which apparently is abandoned and broken

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Dragon
Sam Lavitt did speak thusly: Based on my research, suexec only works for SSI and CGI, so it would be pointless for providing security with php, and doing mass-hosting, php is something in pretty common use. And I am sorry, I mis-spoke, the mpm was mpm_perchild for apache 2.0, which apparentl

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Dragon
Jaqui Greenlees did speak thusly: Yes, as Nick mentioned, suexec and user/group permissions are the common method for securing the site(s) from this. Another option, slightly more hardware intensive, is to have each hosted site running as a separate instance of apache chrooted so they do not hav

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Joshua Slive
On 5/12/07, Dragon <[EMAIL PROTECTED]> wrote: PHP provides for this directly. There is a restrict_base_dir setting that can be applied to each virtual host that prevents users from accessing anything outside of the specified directory tree. Unless you happen to be using a library that access

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Res
On Sat, 12 May 2007, Dragon wrote: PHP provides for this directly. There is a restrict_base_dir setting that can be applied to each virtual host that prevents users from accessing anything outside of the specified directory tree. Correct, every

Re: [EMAIL PROTECTED] Apache 2.2 security concern

2007-05-12 Thread Sam Lavitt
Res wrote: On Sat, 12 May 2007, Dragon wrote: PHP provides for this directly. There is a restrict_base_dir setting that can be applied to each virtual host that prevents users from accessing anything outside of the specified directory tree.