ACL/MAC for shared host
Josh
bsd at kajs.co.nz
Thu Jul 12 07:13:17 UTC 2007
Hello there.
I have apache running php-cgi via fastcgi and suexec on a shared system.
Each vhost has a SuexecUserGroup set to the user/group of normal system
account ( which does not have shell access ) which owns the vhost.
Now. I was wondering what the best way of using MAC/ACL's to stop a
uid:gid ( Suexec user/group ) from being able to run anything other than
what php has to use, eg, so from php it cannot run system("ls /etc") or
such like.
Anyone done this before?
It seems to be that not many people seem to care about php security on a
shared host.
Any comments at all would be appriciated.
Cheers, Josh
More information about the freebsd-questions
mailing list