Date: Tue, 29 Jul 2003 18:12:04 +0100
From: Marco Gonçalves <marco@aces.pt>
To: "FreeBSD ISP List" <freebsd-isp@freebsd.org>
Subject: Virtual Hosting Security
Message-ID: <007d01c355f4$8e54a900$6b026b83@marco>
Dear ISP colleagues,
we are running a couple of servers with FreeBSD that are serving multiple domains (virtual hosting), running all common services (web, email, dns, ftp, etc).
We run Apache as www user and www group, and the common layout for the web directory is
/home/user1/www/
/home/user2/www/
/home/user3/www/
where the permissions on each home directory (user1, user2, etc) are
r-xrwx--- www usergroup
Apache can enter the directory, and so can members of the user's group. So we can give ssh access to users, and each user can only enter his own directory and cannot browse other users' directories.
The problem is that we offer php4 as mod_php4 for Apache, and even though we haven't had any problem (yet), in theory it is easy to set up a php script using filesystem functions to run, list and view file contents of other users... because the script is running as the www user and this user has permissions to enter/read all users' www directories.... How can I fix this? Must I use suexec? Does it run properly? Do I have to put php as cgi only? What is the tradeoff in performance?
Another thing (maybe this should be in another email...): we are developing our own control panel, and for system passwords we are using a PHP script that uses poppassd on port 106, which does all the work. The problem is that I have to run poppassd from inetd, and this sucks, especially because it's the only service that I need inetd for... Can I run it from tcpserver? How? Where can I find good info on this (the documentation on DBernstein's site really sucks for a not so experienced sys admin like me)? Is it safe (poppassd I mean)?
Well, sorry for this huge mail and thanks in advance for all answers.
Best Regards,
Marco Gonçalves
Head of Development
marco.goncalves@aces.pt
---------------------------------------------------------------------------------
Lisboa / Sul
Rua de São José, 149/159, Pisos 2 e 3
1169-115 Lisboa
Single contact number: 707 22 10 40
Fax 21 342 18 03
www.aces.pt
---------------------------------------------------------------------------------
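
Added example (not part of the original message): a small model of the permission layout described above, showing which identities can enter and list which home directories. The per-user group names, the process labels and the per-user CGI identity are assumptions for illustration; the message only gives `r-xrwx--- www usergroup`.

```python
from collections import namedtuple

# Constructed model of the layout in the message: each home is owned by
# www, has a per-user group, and mode r-xrwx--- (0o570). Per-user group
# names are an assumption; the message only says "usergroup".
Entry = namedtuple("Entry", "path owner group mode")
Proc = namedtuple("Proc", "label user groups")

LAYOUT = [
    Entry("/home/user1", "www", "user1", 0o570),
    Entry("/home/user2", "www", "user2", 0o570),
    Entry("/home/user3", "www", "user3", 0o570),
]

def can_enter_and_list(proc, entry):
    """POSIX class selection: owner bits if the uid matches, else group
    bits if any gid matches, else other bits. Exactly one class applies.
    root and ACLs are out of scope for this model."""
    if proc.user == entry.owner:
        bits = (entry.mode >> 6) & 0o7
    elif entry.group in proc.groups:
        bits = (entry.mode >> 3) & 0o7
    else:
        bits = entry.mode & 0o7
    return bits & 0o5 == 0o5  # needs both r (list) and x (enter)

def reachable(proc, layout=LAYOUT):
    """Paths of the home directories this identity can enter and list."""
    return [e.path for e in layout if can_enter_and_list(proc, e)]

def audit(procs, layout=LAYOUT):
    """Labels of identities that can read more than one customer's tree."""
    return [p.label for p in procs if len(reachable(p, layout)) > 1]

# Hypothetical identities: the shared mod_php uid, an ssh login, and a
# script executed under the customer's own uid (per-user CGI).
PROCS = [
    Proc("mod_php script (any vhost)", "www", {"www"}),
    Proc("ssh login user1", "user1", {"user1"}),
    Proc("script run as user2 (per-user CGI)", "user2", {"user2"}),
]

if __name__ == "__main__":
    for p in PROCS:
        print(f"{p.label:38} -> {reachable(p)}")
    print("crosses customers:", audit(PROCS))
```

Only the shared www identity is flagged: the same directory modes that confine ssh users do nothing for code running inside the web server process.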
