httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 07:38:23 GMT
On Fri, 11 May 2007 23:01:12 -0500
Sam Lavitt <sam@lavitt.net> wrote:

> I am wondernig if apache 2.2 has a means to prevent a user with a
> site hosted on the server, from accessing another users files.

That's the operating system's business.

>	  (e.g.
> I have /hosting/user1, and I don't want him to be able to run a
> script to open /hosting/user2/password-file)

You mean protect user2 from possible consequences of idiocy?
Read up on suexec for scripts.  And consider using group permissions.

>	  I read someplace that
> there was a mpm for apache 1.3 that would restrict the child threads
> spawned for each request to files that could be accessed by a
> specific user account, but I can find no such mpm for apache 2.2.

An MPM is to 1.3 as a bicycle to a fish.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message