httpd-users mailing list archives

From Smets Jan <...@smets.cx>
Subject Re: [users@httpd] Userdir
Date Fri, 19 Nov 2004 17:18:11 GMT



On 2004-11-19 17:17:48 (+0100), Ralf Glauberman <rglauberman@michaeli-gymnasium.de> wrote:
> try the php-safe-mode options, php will be able to change the dir but not
> to read files from other users.

Safe_mode is already enabled, but I really want things tightened down.

Thanks for your feedback.


> ----- Original Message ----- 
> From: "Smets Jan" <jan@smets.cx>
> To: <users@httpd.apache.org>
> Sent: Friday, November 19, 2004 2:13 PM
> Subject: [users@httpd] Userdir
> 
> 
> >Hello list,
> >
> >I have a question regarding mod_userdir and 'system security'
> >
> >"Userdir public_html" gives the effect of
> >http://host.tld/~user1 -> /home/user1/public_html
> >http://host.tld/~user2 -> /home/user2/public_html
> >etc.
> >
> >As you all know, with php enabled, www-data can access all public_html dirs,
> >and read all files in the public_html dir of other users.
> >To solve this problem I'm looking for a way to lock down http://host.tld/~user1
> >into /home/user1/public_html
> >(in other words, http://host.tld/~user1 links to /home/user1/public_html and
> >php shouldn't be able to change dir to /etc or so)
> >
> >When using vhosts there is an option named php_admin_value open_basedir /path/
> >
> >Unfortunately, when using mod_userdir there are not many options
> >
> ><Directory /home/*/public_html>, where * is interpolated to all dirs in /home
> >having a /public_html subdir.
> >So I was thinking of doing the same thing, like php_admin_value open_basedir
> >/home/*/public_html, but of course this didn't work ;)
> >
> >A workaround could be creating a separate vhost file for every user with
> >open_basedir /home/$user/public_html, but I prefer not doing this.
> >
> >Does anyone have any other ideas to achieve the same result?
> >
> >Thanks in advance.
> >
> >-- 
> >Smets Jan
> >jan@smets.cx
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >

-- 
Smets Jan
jan@smets.cx
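
Added example, not part of the original thread: since a wildcard `<Directory /home/*/public_html>` block cannot expand `open_basedir` per user, one option is to generate one `<Directory>` block per user instead of one vhost file per user. The function name `gen_userdir_conf` and the output file name are hypothetical, and the sketch assumes mod_php, where `php_admin_value` is accepted inside `<Directory>` sections.

```shell
#!/bin/sh
# Emit one <Directory> block per user that has a public_html directory,
# pinning PHP's open_basedir to that user's own tree.
# Usage (output file name is hypothetical):
#   sh gen_userdir_conf.sh /home > userdir-basedir.conf

gen_userdir_conf() {
    home_root=${1:-/home}
    for dir in "$home_root"/*/public_html; do
        # Skip the unexpanded glob and anything that is not a directory.
        [ -d "$dir" ] || continue
        # A symlinked public_html could point outside the user's home; skip it.
        if [ -L "$dir" ]; then
            continue
        fi
        user=${dir%/public_html}
        user=${user##*/}
        # Accept only conservative account names so nothing unexpected
        # (spaces, quotes, angle brackets) ends up in the generated config.
        case $user in
            ''|*[!a-z0-9_-]*) continue ;;
        esac
        printf '<Directory "%s">\n' "$dir"
        # Trailing slash matters: open_basedir is a prefix match, so without it
        # /home/u/public_html would also admit /home/u/public_html_old.
        printf '    php_admin_value open_basedir "%s/"\n' "$dir"
        printf '</Directory>\n'
    done
}

# Run only when a home root is given on the command line.
if [ "$#" -gt 0 ]; then
    gen_userdir_conf "$1"
fi
```

The generated file has to be rebuilt and Apache reloaded whenever accounts are added or removed. If scripts need a temporary or session directory, append it to the `open_basedir` value as a colon-separated path.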

