An apology...
> On 10.03.11 03:59, aaron...@comcast.net wrote:
> > While the setup Jim decribes is similar to what I have setup, The issue
> > still remains when a user uploads a PHPSHELL to there docment root and
> > access the server through the uploaded shell they are no longer operating
> > un
On 10.03.11 03:59, aaron...@comcast.net wrote:
> While the setup Jim decribes is similar to what I have setup, The issue
> still remains when a user uploads a PHPSHELL to there docment root and
> access the server through the uploaded shell they are no longer operating
> under the FTP user account.
On 06.03.11 22:43, aaron...@comcast.net wrote:
> I have apache2 running virtual hosts. Ive fingered out how to jail a user
> that uploads files to the document root using jailkit and only allow SFTP
> access. What I have not fingered out is how to keep a user from reading
> other files on the syste
virtualhost run under a different
account and jailing each account in a different jail.
- Original Message -
From: "Jim Walls"
To: users@httpd.apache.org
Sent: Monday, March 7, 2011 12:58:59 AM
Subject: Re: [users@httpd] How do I keep Virtural hosts from seeing the others
doc
Jim Walls wrote:
~snip~
>
> Did I just answer the question or am I completely missing the question?
>
>
and with no ftp server installed you can point a web bowser to
ftp://xyz.com and httpd will allow ftp protocol read access.
to stop that you need to do as earlier posters described.
---
On 3/6/2011 2:43 PM, aaron...@comcast.net wrote:
I have apache2 running virtual hosts. Ive fingered out how to jail a
user that uploads files to the document root using jailkit and only
allow SFTP access. What I have not fingered out is how to keep a user
from reading other files on the system
I'm running Apache/2.2.12 (Ubuntu) Server. I thought I was running a separate
instance of httpd by having Listen configured twice in the ports.conf file. see
below.
I have two IP virtual hosts setup in the site-available
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerName we
On Sun, 6 Mar 2011 22:43:36 + (UTC)
aaron...@comcast.net wrote:
> I could jail the www-data account but this would not prevent one virtual host
> from seeing another using a phpshell since they would be in the same jail.
Yep. Virtualhosts aren't designed for that level of security.
You fo
On March 6, 2011 17:43 , aaron...@comcast.net wrote:
I have apache2 running virtual hosts. Ive fingered out how to jail a
user that uploads files to the document root using jailkit and only
allow SFTP access. What I have not fingered out is how to keep a user
from reading other files on the sy
I have apache2 running virtual hosts. Ive fingered out how to jail a user that
uploads files to the document root using jailkit and only allow SFTP access.
What I have not fingered out is how to keep a user from reading other files on
the system such as other virtual host document roots by uploa
10 matches
Mail list logo
