  1. #1

    Solaris Zone - Apache security

    We're renting a Solaris Zone which we're running Apache, PHP and MySQL on.

    We've got a number of virtual hosts set up and Apache is running as user:group "nobody", I believe.

    What I found out was that I could open and toy with files in every other virtual host using PHP code running from a virtual host. That means any user can access any files another user has if he knows the username (Unix username, /home/$user/www).

    Now, this is currently not a big problem as we control all the websites on the server and our clients don't have access.

    However, it is very likely that some client will want FTP access to upload files to his webroot at some point. I want to make sure the above problem is not a problem before clients request access.

    I was told the only way around this problem was if we ran suPHP, but that introduced another problem according to my source. One user could not run files in another user's webroot at all anymore if suPHP was running.

    I thought that if both users had Unix permission to the directories and files I wanted to share between two "virtual hosts" it would work, but I was told such is not the case.

    If anyone understands my problem and can verify that the information I have is correct and can or cannot be worked around I would appreciate it.

    Cheers!

  2. #2
    You can set up open_basedir restrictions when running mod_php.

    http://us2.php.net/features.safe-mode

    and no, you don't have to enable safe mode completely to use it.
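
A per-virtual-host open_basedir setup for the /home/$user/www layout described in the thread, shown as an added example that is not from either poster. The users "alice" and "bob", the host names, the shared directory /home/shared/lib and the per-user temp directories are assumptions made for illustration.

```apache
# Constructed example for mod_php. All user names, host names and the
# shared path are hypothetical.

# Before: no open_basedir. PHP in this vhost can open any file that the
# Apache user ("nobody") can read, including /home/bob/www.
#
# <VirtualHost *:80>
#     ServerName alice.example.com
#     DocumentRoot /home/alice/www
# </VirtualHost>

# After: each vhost is confined to its own webroot, one shared library
# directory, and a private temp directory.
<VirtualHost *:80>
    ServerName alice.example.com
    DocumentRoot /home/alice/www

    # Entries are separated by ":" on Unix. The trailing "/" matters:
    # without it the entry is a prefix match, so "/home/alice/www"
    # would also allow "/home/alice/www-private".
    php_admin_value open_basedir "/home/alice/www/:/home/shared/lib/:/tmp/alice/"

    # Uploads and sessions must live inside an allowed path, otherwise
    # file uploads and session_start() fail once open_basedir is set.
    php_admin_value upload_tmp_dir    "/tmp/alice"
    php_admin_value session.save_path "/tmp/alice"
</VirtualHost>

<VirtualHost *:80>
    ServerName bob.example.com
    DocumentRoot /home/bob/www

    # Same shared directory, different webroot and temp directory.
    php_admin_value open_basedir "/home/bob/www/:/home/shared/lib/:/tmp/bob/"
    php_admin_value upload_tmp_dir    "/tmp/bob"
    php_admin_value session.save_path "/tmp/bob"
</VirtualHost>
```

Values set with php_admin_value cannot be overridden from .htaccess or ini_set(), so an account with FTP access to its webroot cannot widen its own open_basedir. The restriction covers PHP's file functions only; CGI scripts and other handlers running as "nobody" are not constrained by it.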
