httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Walls <...@k6ccc.org>
Subject Re: [users@httpd] How do I keep Virtural hosts from seeing the others document root?
Date Mon, 07 Mar 2011 05:58:59 GMT
On 3/6/2011 2:43 PM, aaronrus@comcast.net wrote:
> I have apache2 running virtual hosts. Ive fingered out how to jail a 
> user that uploads files to the document root using jailkit and only 
> allow SFTP access. What I have not fingered out is how to keep a user 
> from reading other files on the system such as other virtual host 
> document roots by uploading a phpshell which runs under the www-data 
> user which is not jailed.

Maybe I'm not understanding the problem.  As I understand it, you dont 
want a user that has ftp access to one of your virtual hosts to be able 
to have read access to another of the virtual hosts.  What's the 
problem?  As I understand the question, this has everything to do with 
the security and setup of your ftp server and nothing to do with 
apache.  I have this very easily.  I use Bulletproof FTP server and I 
can easily allow a user ID whatever access and to whatever directories I 
want.  The two virtual servers have completely different document 
roots.  Let me give an example:

I have a virtual server that is xyz.org with a root of C:\Program 
Files\Apache Group\Apache2\htdocs\xyz.org
I have a second virtual server that is abc.info with a root of 
C:\Program Files\Apache Group\Apache2\htdocs\abc.info

In my ftp server, the user IDs that are there for access to xyz.org have 
no access above C:\Program Files\Apache Group\Apache2\htdocs\xyz.org and 
the user IDs that are there for access to abc.info have no access above 
C:\Program Files\Apache Group\Apache2\htdocs\abc.info

Did I just answer the question or am I completely missing the question?


-- 
73
-------------------------------------
Jim Walls - K6CCC
jim@k6ccc.org
Ofc:  818-548-4804
http://members.dslextreme.com/users/k6ccc/
AMSAT Member 32537 - WSWSS Member 395


Mime
View raw message