httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Glauberman" <rglauber...@michaeli-gymnasium.de>
Subject Re: [users@httpd] Userdir
Date Fri, 19 Nov 2004 16:17:48 GMT
try the php-save-mode options, php will be able to change the dir but not to 
read files from other users.

----- Original Message ----- 
From: "Smets Jan" <jan@smets.cx>
To: <users@httpd.apache.org>
Sent: Friday, November 19, 2004 2:13 PM
Subject: [users@httpd] Userdir


> Hello list,
>
> I have a question regarding mod_userdir and 'system security'
>
> "Userdir public_html" gives the effect of
> http://host.tld/~user1 -> /home/user1/public_html
> htpp://host.tld/~user2 -> /home/user2/public_html
> etc.
>
> As you all know, with php enabled, www-data can access all public_html 
> dirs,
> and read all files in the public_html dir of other users.
> To solve this problem i'm looking for a way to lockdown 
> http://host.tld/~user1
> into /home/user1/public_html
> (in other words, http://host.tld/~user1 links to /home/user1/public_html 
> and
> php shouldn't be able to change dir to /etc orso)
>
> When using vhosts there is a option named php_admin_value open_basedir 
> /path/
>
> Unfortunately, when using mod_userdir there are not much options
>
> <Directory /home/*/public_html> , where * is interpolated to all dirs in 
> /home
> having a /public_html subdir.
> So I was thinking of doing the same thing, like php_admin_value 
> open_basedir
> /home/*/public_html, but of course this didn't work ;)
>
> A workaround could be creating a seperated vhost file for every user with
> open_basedir /home/$user/public_html, but I prefer not doing this.
>
> Anyone has any other ideas to achieve the same result?
>
> Thanks in advance.
>
> -- 
> Smets Jan
> jan@smets.cx
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message