httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [users@httpd] How do I keep Virtural hosts from seeing the others document root?
Date Sun, 06 Mar 2011 22:43:36 GMT
I have apache2 running virtual hosts. Ive fingered out how to jail a user that uploads files
to the document root using jailkit and only allow SFTP access. What I have not fingered out
is how to keep a user from reading other files on the system such as other virtual host document
roots by uploading a phpshell which runs under the www-data user which is not jailed. 

I could jail the www-data account but this would not prevent one virtual host from seeing
another using a phpshell since they would be in the same jail. 

what I think I need to do is run each virtural host under a different user account so I can
jail each separate. How would I set this up? can virtual hosts be run with different user

The reasoning behind this is I want to protect the PHP scripts from being viewed. 

Any suggestions or ideals if so send me some links to point me in the right direction. 


View raw message