From: Andy Dills
To: Lewis Thompson
Cc: isp@freebsd.org
Date: Mon, 16 Feb 2004 17:31:13 -0500 (EST)
Subject: Re: Apache and home directories (file browser).

On Mon, 16 Feb 2004, Lewis Thompson wrote:

> I think this is what I'm looking for, yes. Since I posted this I asked
> some questions on IRC and somebody mentioned that Apache can be chrooted
> to the uid of a script's owner (similar in a way to safe_mode in PHP).
> This would surely then allow files to be read/written by Apache in a
> secure fashion.
>
> My worry here is that Apache would have to be running as root to
> chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
> that it is even possible to do this?)

While you can chroot apache, that's serverwide, not per-virtualhost.

If I were you and I wanted to do what you're talking about, I'd use suexec
with perl scripts. AFAIK, that's the only way to do it correctly.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
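
Added illustration, not part of the original message and not Apache's own code: suexec refuses to run a CGI script unless its ownership and permissions satisfy the documented suexec security model, so a pre-deployment check like the one below reports why a per-user script would be rejected. The names `Meta`, `meta_of` and `suexec_problems` are hypothetical, and the minimum uid/gid of 100 is an assumed build-time setting.

```python
import os
import stat
from typing import NamedTuple


class Meta(NamedTuple):
    """Mode bits and ownership of a file or directory (subset of os.stat)."""
    mode: int
    uid: int
    gid: int


def meta_of(path):
    """Read the fields the checks need from a real path."""
    st = os.stat(path)
    return Meta(st.st_mode, st.st_uid, st.st_gid)


def suexec_problems(script, directory, uid, gid, min_uid=100, min_gid=100):
    """Return the reasons suexec would refuse to run `script` as uid:gid.

    `script` and `directory` are Meta values for the CGI program and the
    directory that contains it. min_uid/min_gid are assumed values for the
    limits compiled into the suexec binary.
    """
    problems = []
    if uid == 0 or uid < min_uid:
        problems.append("target uid is root or below the minimum uid")
    if gid == 0 or gid < min_gid:
        problems.append("target gid is root or below the minimum gid")
    for name, m in (("directory", directory), ("script", script)):
        # Nobody but the owner may be able to modify the script or its directory.
        if m.mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{name} is writable by group or others")
        # The script and its directory must belong to the user it will run as.
        if (m.uid, m.gid) != (uid, gid):
            problems.append(f"{name} is not owned by the target user/group")
    if script.mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    return problems


if __name__ == "__main__":
    # Constructed sample: user 1001 owns the directory; the script is group-writable.
    sample_dir = Meta(0o040755, 1001, 1001)
    sample_script = Meta(0o100775, 1001, 1001)
    for reason in suexec_problems(sample_script, sample_dir, 1001, 1001):
        print("would be refused:", reason)
```

On a live host, pass `meta_of("/path/to/script.pl")` and `meta_of` of its directory together with the uid and gid configured for that virtual host.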