Apache and home directories (file browser).
Lewis Thompson
purple at lewiz.net
Mon Feb 16 13:44:41 PST 2004
On Mon, Feb 16, 2004 at 02:05:44PM -0600, Shawn Mitchell wrote:
> Their going to be logging in via a web interface (via HTTPS). From
> there they can upload files, delete, rename, etc, through their web
> browser.
Yes -- this is what I wanted :)
> Since all the files will have to be owned by the web services user
> (apache, wwwrun, nobody, whatever) so that the "legit" file management
> software can write/read/etc them, any software installed by Joe User,
> will have the same type of access.
This is also the worry I had. I've currently got Apache setup with
safe_mode enabled (but only for public_html dirs because I control the
rest of the scripts).
> Basically what he's asking, is how do you chroot VHOST's in apache.
> So that one vhost, can not access another vhosts files.
I think this is what I'm looking for, yes. Since I posted this I asked
some questions on IRC and somebody mentioned that Apache can be chrooted
to the uid of a script's owner (similar in a way to safe_mode in PHP).
This would surely then allow files to be read/written by Apache in a
secure fashion.
My worry here is that Apache would have to be running as root to
chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
that it is even possible to do this?)
Thanks very much,
-lewiz.
--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple at lewiz.net | jabber:lewiz at jabber.org | url:www.lewiz.org |-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-isp/attachments/20040216/f4061426/attachment.bin
More information about the freebsd-isp
mailing list