httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aaron...@comcast.net
Subject [users@httpd] How do I keep Virtural hosts from seeing the others document root?
Date Sun, 06 Mar 2011 22:43:36 GMT
I have apache2 running virtual hosts. Ive fingered out how to jail a user that uploads files
to the document root using jailkit and only allow SFTP access. What I have not fingered out
is how to keep a user from reading other files on the system such as other virtual host document
roots by uploading a phpshell which runs under the www-data user which is not jailed. 

I could jail the www-data account but this would not prevent one virtual host from seeing
another using a phpshell since they would be in the same jail. 

what I think I need to do is run each virtural host under a different user account so I can
jail each separate. How would I set this up? can virtual hosts be run with different user
accounts? 

The reasoning behind this is I want to protect the PHP scripts from being viewed. 

Any suggestions or ideals if so send me some links to point me in the right direction. 

Thanks 
Aaron 

Mime
View raw message