Phil Howard wrote:
On Thu, Aug 12, 2010 at 13:02, David Ricar <r...@ethernet.cz> wrote:
[...]

Sorry, I'm still not understanding what you are doing.  I didn't
understand why you need two users per each site.

J. Greenlees wrote:
I believe the standard method of doing this to completely lock the
server from allowing a file system traversal to another client's website
is chroot. /home/username being the top level for everything as far as
they are concerned.
...
If you want to allow multiple logins to traverse the account's entire
directory tree, you are allowing a hole in security anyway. The only fix
is to have it only writable by the owner; none of the other ftp logins
can write anywhere but in the ftp folder.

If the site is writable by the user running apache, it could be overwritten.
Many bugs that are useless with a single user for the whole apache (and
multiple for ftp) grow into a huge potential problem. Any exploit that
passes further could be used far more easily, and so on.
Because there is a need for high-level admins of groups of sites (no root
for these), there is a need for more than a single writing user anyway.

I wrote in the very beginning that I consider the requirement for self-rewrite
of the whole web a security hole too. Is it too odd?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org