httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 07:38:23 GMT
On Fri, 11 May 2007 23:01:12 -0500
Sam Lavitt <> wrote:

> I am wondernig if apache 2.2 has a means to prevent a user with a
> site hosted on the server, from accessing another users files.

That's the operating system's business.

>	  (e.g.
> I have /hosting/user1, and I don't want him to be able to run a
> script to open /hosting/user2/password-file)

You mean protect user2 from possible consequences of idiocy?
Read up on suexec for scripts.  And consider using group permissions.

>	  I read someplace that
> there was a mpm for apache 1.3 that would restrict the child threads
> spawned for each request to files that could be accessed by a
> specific user account, but I can find no such mpm for apache 2.2.

An MPM is to 1.3 as a bicycle to a fish.

Nick Kew

Application Development with Apache - the Apache Modules Book

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message