httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Trainor <i...@hostinthebox.net>
Subject Re: [users@httpd] SSL & mod_chroot
Date Tue, 08 Feb 2005 14:55:32 GMT
John wrote:
> mod_chroot chroot() every apache process.
> 
> Is that suEXEC does?
> 
> 
> ----- Original Message ----- 
> From: "Dan Trainor" <info@hostinthebox.net>
> To: <users@httpd.apache.org>
> Sent: Tuesday, February 08, 2005 4:29 PM
> Subject: Re: [users@httpd] SSL & mod_chroot
> 
> 
> 
>>John wrote:
>>
>>>Hello all
>>>
>>>Has anyone tried to mod_chroot apache 1.x or 2.x (enabling also mod_ssl)
> 
> ?
> 
>>I have not tinkered with this, but I have become quite familiar with
>>suEXEC'ing under Apache 1.3.  I believe that I will stick with suEXEC
>>indefinately because it's an actual built-in element to Apache (once
>>enabled), and I think that the Apache team would know their own security
>>better than anyone else.
>>
>>I think suEXEC'ing in a shared hosting environment is better, because
>>access can be more strictly controlled when dealing with individual
>>users - not to say that some users should have more privileges than
>>others, but... yea.
>>
>>mod_chroot looks rather interesting, I'm going to take a look at it.
>>
>>Thanks
>>-dant
>>


For the mostpart, yes.  BUt I've found it particularly useful because it 
chroot's every process to a specific username specified in whichever 
configuration you give it.  This way, I can give all my customers unique 
user ID's, and lock them down tightly.  I believe that this procedure 
gives the admin more flexibility, especially when dealing with 
permissions that may be specific to one site, installation, domain, 
setup, whatever.

Thanks
-dant

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message