httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikkel Christensen <>
Subject Re: [users@httpd] Apache refuses to start when it's user is member of to many groups
Date Sat, 08 May 2004 09:51:20 GMT
On Saturday 08 May 2004 07:15, Mikkel Christensen wrote:
> On Saturday 08 May 2004 04:31, Gary Smith wrote:
> > Mikkel, 
> > The idea is for users data to be fairly secure without breaking Apache.
> > 
> > Does this make sense to this point?  If so, here is where the rest ties
> > in.  Using PHP's open_basedir users can only access files that are
> > within the authorized patch.  As the users home directory is in the path
> > they can see and access of all of there stuff.  What a user cannot do is
> > go into another users directory because it's outside their path.  This
> > applies to the system call as well.  If 'cat' isn't within the path for
> > open_basedir they cannot execute it.
> > 
> cat is allowed bo be executed though it is not within open basedir.
> All system commands are unless you specificly disable this in php.ini (or each virtual
> Problem is that many are using unix commands so completely disabling it isn't an easy
> Also open basedir does not perform any check on the information you pass to cat or whatever
program you are calling.
> I just tested this to be entirely sure. You have complete and unlimited access to all
that apache is capable og reading/writing/executing.

Of course safe_mode can take care of this since it completely disables execution of any files
not in safe_mode_exec_dir...
But safemode is more than just open basedir, it comes with a lot of restictions.
Hmm but I guess it's the only sollution for the moment.

Maybe this will help when it's finished...:

- Mikkel

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message