-
Apache Security Issues
What is the best way to secure apache?
If you add a hosted account user lets say Bob.
His domain is 123.com.
So you chroot him to /home/123.com/www, and the directory is owned by bob:nobody, but is that the safest way ?
By having nobody as the group, couldn't everyone possibly see others info ? ( not from ftp because of chroot) but via scripts etc ?
I have read some stuff about apache running an suexec or something, but am not sure...
Thanks
-
uhm... what is the path to your main site? /home/mainsite.com/www/? Are you running just once apache binary or multiple apache binaries?
-
I am running 1 binary...multiple domains.
-
http://httpd.apache.org/docs/misc/security_tips.html
Short version - if they can execute cgi, you can't w/o jail.