Nick Kew wrote:
On Fri, 11 May 2007 23:01:12 -0500
Sam Lavitt <[EMAIL PROTECTED]> wrote:
I am wondernig if apache 2.2 has a means to prevent a user with a
site hosted on the server, from accessing another users files.
That's the operating system's business.
(e.g.
I have /hosting/user1, and I don't want him to be able to run a
script to open /hosting/user2/password-file)
You mean protect user2 from possible consequences of idiocy?
Read up on suexec for scripts. And consider using group permissions.
I read someplace that
there was a mpm for apache 1.3 that would restrict the child threads
spawned for each request to files that could be accessed by a
specific user account, but I can find no such mpm for apache 2.2.
An MPM is to 1.3 as a bicycle to a fish.
Sorry for my lack of clarity and experience, I came here looking for
advice and help.
Based on my research, suexec only works for SSI and CGI, so it would be
pointless for providing security with php, and doing mass-hosting, php
is something in pretty common use. And I am sorry, I mis-spoke, the mpm
was mpm_perchild for apache 2.0, which apparently is abandoned and
broken. (see http://httpd.apache.org/docs/2.0/mod/perchild.html ) I
lack the programing skills that would be needed to repair it unfortunately.
So is there anything that is functional, maintained, and would allow me
to provide the security that would be needed, ideally apache 2.2, if
not, at least 2.0? Or any other webserver which can provide the
security needed?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
