03-31-2004, 08:36 AM #1 Newbie
Web Shared Server, Security Problems,
Hey,
I'm running some web shared servers without any CP,
The apache web server runs with user/group nobody/nobody
each virtual host points to a specific ftp account for each one of my customers,
of course, I must give read/write access to the 'other' group so apache will be able to read/write,
My problem is that one customer can actually access other customer's directory as well (due to the fact that all sites have permissions to read from each other because of the Apache requirements)
It is possible to declare in php an "open_basedir" which is great but still all sites must be under this directory,
Is there any way to create a base_dir per virtual host somehow?
Or maybe there's any other way to lock a site only in its directory ?
Thanks
-
03-31-2004, 09:10 AM #2 Junior Guru Wannabe
Set open_basedir in your apache configfile per vhost.
-
03-31-2004, 09:21 AM #3 Newbie
Except the DocumentRoot?
What is the directive?
And damn, I also use the rewrite module to create automatic sites declaration without any virtual host needs, there for sure I won't be able to set this directive,
But anyway, I'll be glad if you'll name it
thanks.
-
03-31-2004, 10:18 AM #4 Web Hosting Master
-
03-31-2004, 11:24 AM #5 Web Hosting Master
Openbasedir only applies to PHP, so there are still some things remaining:
My problem is that one customer can actually access other customer's directory as well
Your FTP server should be set up to jail the user to their home directory. If you allow CGI, you'll need to secure that with Apache suExec.
If you allow shell or other methods of access to your server, user, group and file permissions become a much bigger issue and you really need to use suPHP and Apache suExec to make sure users can only read/write their own files.
http://www.srohosting.com
Stability, redundancy and peace of mind
-
03-31-2004, 03:32 PM #6 Newbie
Nah,
It's not about the FTP server, all users are chrooted to their dir,
The problem is only with PHP, but I solved it by using php's open_basedir directive per virtual site,
thanks
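The per-vhost setting discussed above, as an added example that is not code from any poster in this thread: with PHP loaded as an Apache module, the directive goes inside each `<VirtualHost>` as `php_admin_value open_basedir`, and the script below audits a config for vhosts where it is absent, set with the overridable `php_value`, or wide enough to cover another customer's DocumentRoot. The hostnames, paths, sample config and the `audit`/`covers`/`directive` helpers are constructed for illustration.

```python
import re
# Constructed sample config; customer names and paths are hypothetical.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice/public_html/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /home/bob/public_html
    php_value open_basedir "/home/bob/public_html/"
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example
    DocumentRoot /home/carol/public_html
    php_admin_value open_basedir "/home/"
</VirtualHost>
<VirtualHost *:80>
    ServerName dave.example
    DocumentRoot /home/dave/public_html
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    # Value of one directive inside a vhost block, with surrounding quotes removed.
    m = re.search(r'^\s*' + name + r'\s+"?([^"\n]+)"?\s*$', body, re.M | re.I)
    return m.group(1).strip() if m else None

def covers(base, path):
    """True if directory `base` contains `path`, compared by path component."""
    return (path.rstrip("/") + "/").startswith(base.rstrip("/") + "/")

def audit(conf):
    hosts = [(directive(b, "ServerName"), directive(b, "DocumentRoot"), b)
             for b in VHOST.findall(conf)]
    findings = {}
    for name, root, body in hosts:
        admin = directive(body, r"php_admin_value\s+open_basedir")
        plain = directive(body, r"php_value\s+open_basedir")
        # Only php_admin_value is immune to .htaccess and ini_set() overrides.
        issues = [] if admin else ["not-locked" if plain else "missing"]
        dirs = [d for d in (admin or plain or "").split(":") if d]
        if dirs and not any(covers(d, root) for d in dirs):
            issues.append("docroot-not-covered")
        issues += ["exposes:" + o for o, oroot, _ in hosts
                   if o != name and any(covers(d, oroot) for d in dirs)]
        findings[name] = issues
    return findings
```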
-
03-31-2004, 08:32 PM #7 Problem Solver
Originally posted by SROHost
If you allow shell or other methods of access to your server, user, group and file permissions become a much bigger issue and you really need to use suPHP and Apache suExec to make sure users can only read/write their own files.
Steven Ciaburri | Industry's Best Server Management - Rack911.com