From: Marco Gonçalves <marco@aces.pt>
To: "FreeBSD ISP List" <freebsd-isp@freebsd.org>
Date: Tue, 29 Jul 2003 18:12:04 +0100
Subject: Virtual Hosting Security

Dear ISP colleagues,

we are running a couple of servers with FreeBSD that are serving multiple domains (virtual hosting), running all common services (web, email, dns, ftp, etc.).

We run Apache as the www user and www group, and the common layout for the web directory is

    /home/user1/www/
    /home/user2/www/
    /home/user3/www/

where the permissions on each home directory (user1, user2, etc.) are

    r-xrwx--- www usergroup

Apache can enter the directory, and so can the members of the user's group. So we can give ssh access to users, so that each user can only enter his own directory and cannot browse other users' directories.

The problem is that we offer php4 as mod_php4 for Apache, and even though we haven't had any problem (yet), in theory it is easy to set up a php script using filesystem functions to run, list and view file contents of other users, because the script is running as the www user and this user has permissions to enter/read all users' www directories. How can I fix this? Must I use suexec? Does it run properly? Do I have to put php as cgi only? What is the tradeoff in performance?

Another thing (maybe this should be in another email...): we are developing our own control panel, and for system passwords we are using a PHP script that uses poppassd on port 106, which does all the work. The problem is that I have to run poppassd from inetd, and this sucks, especially because it's the only service that I need inetd for... Can I run it from tcpserver? How? Where can I find good info on this (the documentation on DBernstein's site really sucks for a not so experienced sys admin like me)? Is it safe (poppassd, I mean)?

Well, sorry for this huge mail and thanks in advance for all answers.

Best Regards,

Marco Gonçalves
Head of Development
marco.goncalves@aces.pt

Lisboa / Sul
Rua de São José, 149/159, Pisos 2 e 3
1169-115 Lisboa
Single number: 707 22 10 40
Fax 21 342 18 03
www.aces.pt
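
The permission layout described in the message above, modeled as an added example that is not part of the original post: it applies the POSIX owner/group/other class selection to the stated mode `r-xrwx---` and reports which identity can list which home directory. The per-user group names (`g_user1`, ...) and the sample entries are assumptions constructed for illustration; the superuser bypass and the unstated permissions of the `www/` subdirectories are not modeled.

```python
# Added example: audits who can list each tenant home directory under the
# layout from the post. All entries are constructed sample data.
from collections import namedtuple

Entry = namedtuple("Entry", "path owner group mode")
Cred = namedtuple("Cred", "user groups")

R, W, X = 4, 2, 1  # permission bits inside one rwx triplet


def parse_mode(text):
    """Convert a 9-character string such as 'r-xrwx---' to its numeric mode."""
    if len(text) != 9:
        raise ValueError("expected 9 permission characters")
    bits = 0
    for ch in text:
        bits = (bits << 1) | (ch != "-")
    return bits


def allowed(cred, entry):
    """Return the rwx bits that apply to cred.

    Exactly one class is used: owner if the uid matches, otherwise group if
    the process is a member, otherwise other. Classes are never combined.
    """
    if cred.user == entry.owner:
        return (entry.mode >> 6) & 7
    if entry.group in cred.groups:
        return (entry.mode >> 3) & 7
    return entry.mode & 7


def can_list(cred, entry):
    """Entering and listing a directory needs both read and search bits."""
    bits = allowed(cred, entry)
    return bool(bits & R and bits & X)


def exposure(creds, entries):
    """Map each identity to the directories it is able to list."""
    return {c.user: [e.path for e in entries if can_list(c, e)] for c in creds}


# Constructed layout: owner www, hypothetical per-user group, mode from the post.
HOMES = [Entry(f"/home/user{i}", "www", f"g_user{i}", parse_mode("r-xrwx---"))
         for i in (1, 2, 3)]
# Constructed identities: the shared web server user and two shell users.
CREDS = [Cred("www", {"www"}), Cred("user1", {"g_user1"}), Cred("user2", {"g_user2"})]

if __name__ == "__main__":
    for user, paths in exposure(CREDS, HOMES).items():
        print(f"{user:6} can list: {', '.join(paths)}")
```

Shell users are confined to their own directory by the group bits, while any code running as www, including every tenant's mod_php script, is the owner of all three directories and can list each of them.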