Date: Mon, 16 Feb 2004 21:44:38 +0000 From: Lewis Thompson <purple@lewiz.net> To: Shawn Mitchell <shawnm@iodamedia.net> Cc: isp@freebsd.org Subject: Re: Apache and home directories (file browser). Message-ID: <20040216214437.GC65551@lewiz.org> In-Reply-To: <HJEELFHCPNPOPDIOMAKBOEDJCDAA.shawnm@iodamedia.net> References: <Pine.BSF.4.44.0402161354460.38683-100000@thunder.xecu.net> <HJEELFHCPNPOPDIOMAKBOEDJCDAA.shawnm@iodamedia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--uZ3hkaAS1mZxFaxD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 16, 2004 at 02:05:44PM -0600, Shawn Mitchell wrote: > Their going to be logging in via a web interface (via HTTPS). From > there they can upload files, delete, rename, etc, through their web > browser. Yes -- this is what I wanted :) > Since all the files will have to be owned by the web services user > (apache, wwwrun, nobody, whatever) so that the "legit" file management > software can write/read/etc them, any software installed by Joe User, > will have the same type of access. This is also the worry I had. I've currently got Apache setup with safe_mode enabled (but only for public_html dirs because I control the rest of the scripts). > Basically what he's asking, is how do you chroot VHOST's in apache. > So that one vhost, can not access another vhosts files. I think this is what I'm looking for, yes. Since I posted this I asked some questions on IRC and somebody mentioned that Apache can be chrooted to the uid of a script's owner (similar in a way to safe_mode in PHP). This would surely then allow files to be read/written by Apache in a secure fashion. My worry here is that Apache would have to be running as root to chroot -- can anybody confirm this for me? (Indeed, can anybody confirm that it is even possible to do this?) Thanks very much, -lewiz. --=20 I was so much older then, I'm younger than that now. --Bob Dylan, 1964. ------------------------------------------------------------------------ -| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |- --uZ3hkaAS1mZxFaxD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAMTnFItq0KFQv7T8RAmRzAKDHiQoWD8KYBzU4Ad7EnWg3ZqOJSACfcIUM 8uDc8+grcZrOyo0UXsb/B8s= =DpC7 -----END PGP SIGNATURE----- --uZ3hkaAS1mZxFaxD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040216214437.GC65551>