httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <m...@catseye.org>
Subject Re: [users@httpd] Chroot a virtual host
Date Wed, 20 Apr 2011 17:25:00 GMT
  On April 19, 2011 19:47 , "--[ UxBoD ]--" <uxbod@splatnix.net>  wrote:
> I have noticed that when running Joomla, or in-fact any browsing capable PHP code, I
am able to navigate above my virtual host document root and look at other virtual host files.
>
> How would one stop this ? I have taken a look at mod_chroot but that does not seem to
work as ChrootDir can only be used in the main configuration and not in the VirtualHost directive.

As an alternative to chroot, you could use privilege separation to 
achieve what you want, setting up each virtual host to execute PHP code 
as a different user from all other virtual hosts' users.

There are many ways to implement privilege separation, see 
http://wiki.apache.org/httpd/PrivilegeSeparation    My favorite way is 
to use FastCGI, although I personally use mod_proxy_fcgi for this rather 
than mod_fcgid.

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message