On 3/6/2011 2:43 PM, aaron...@comcast.net wrote:
> I have apache2 running virtual hosts. I've fingered out how to jail a user that uploads files to the document root using jailkit and only allow SFTP access. What I have not fingered out is how to keep a user from reading other files on the system such as other virtual host document roots by uploading a phpshell which runs under the www-data user which is not jailed.

Maybe I'm not understanding the problem. As I understand it, you don't want a user that has ftp access to one of your virtual hosts to be able to have read access to another of the virtual hosts. What's the problem? As I understand the question, this has everything to do with the security and setup of your ftp server and nothing to do with apache. I have this very easily. I use Bulletproof FTP server and I can easily allow a user ID whatever access and to whatever directories I want. The two virtual servers have completely different document roots. Let me give an example:

I have a virtual server that is xyz.org with a root of C:\Program Files\Apache Group\Apache2\htdocs\xyz.org. I have a second virtual server that is abc.info with a root of C:\Program Files\Apache Group\Apache2\htdocs\abc.info.

In my ftp server, the user IDs that are there for access to xyz.org have no access above C:\Program Files\Apache Group\Apache2\htdocs\xyz.org and the user IDs that are there for access to abc.info have no access above C:\Program Files\Apache Group\Apache2\htdocs\abc.info.

Did I just answer the question or am I completely missing the question?


--
73
-------------------------------------
Jim Walls - K6CCC
j...@k6ccc.org
Ofc:  818-548-4804
http://members.dslextreme.com/users/k6ccc/
AMSAT Member 32537 - WSWSS Member 395
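
The quoted question turns on which account reads the files: the jailed SFTP user, or the shared www-data account that uploaded PHP runs as. The following is an added example, not code from either poster, that evaluates plain Unix owner/group/other mode bits to list which document roots each account can read. All paths, uids, gids and modes are constructed sample values, and ACLs, MAC policy and parent-directory permissions are assumed away.

```python
import os
import stat
from typing import NamedTuple


class Entry(NamedTuple):
    """Ownership and permission bits of one document root."""
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o750


def entry_from_disk(path):
    """Build an Entry for a real directory (for use on a live system)."""
    st = os.stat(path)
    return Entry(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


def dir_listable(entry, uid, gids):
    """True if a non-root process with (uid, gids) may list and enter the directory.

    Classic Unix rule: exactly one triplet applies (owner, else group, else other).
    """
    if uid == entry.uid:
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif entry.gid in gids:
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:
        r, x = stat.S_IROTH, stat.S_IXOTH
    return bool(entry.mode & r) and bool(entry.mode & x)


def exposed_docroots(docroots, uid, gids):
    """Paths of the document roots the given account can read."""
    return [e.path for e in docroots if dir_listable(e, uid, gids)]


# Constructed sample: three vhosts, each owned by its own SFTP user.
# site-a and site-b grant group access to gid 33 (assumed www-data) so Apache
# can serve them; site-c is owner-only.
SAMPLE = [
    Entry("/var/www/site-a", 1001, 33, 0o750),
    Entry("/var/www/site-b", 1002, 33, 0o750),
    Entry("/var/www/site-c", 1003, 1003, 0o700),
]

if __name__ == "__main__":
    print("www-data:", exposed_docroots(SAMPLE, 33, {33}))
    print("sftp user 1001:", exposed_docroots(SAMPLE, 1001, {1001}))
```

In the sample, each SFTP user reaches only its own directory, while the shared account reaches every document root Apache is able to serve, so the upload-side restriction alone does not separate the virtual hosts.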
