preventing a user to start a process
mdff
nospam at mgedv.net
Tue Jul 26 05:11:44 GMT 2005
>
> Hello,
> is it possible to bar a user (www) from starting a process?
> I've a irc daemon running under the uid www. I think
> this was done by php. What would be the best way to prevent
> this (php should be remain usable)? I've installed ipfw rules,
> but this doesn't prevent the starting of the process.
>
jail the whole stuff and put only commands in there,
that are required. also, remove write permissions
almost everywhere, except where they are absolutely
needed. mount a mfs for example with noexec to allow
the webserver saving temp-files w/o executing stuff
from there. and use php-safe-mode as mentioned before ;-)
br
More information about the freebsd-isp
mailing list