Re: Apache and home directories (file browser).
From: Lewis Thompson (purple_at_lewiz.net)
Date: 02/16/04
- Previous message: Shawn Mitchell: "RE: Apache and home directories (file browser)."
- In reply to: Shawn Mitchell: "RE: Apache and home directories (file browser)."
- Next in thread: Andy Dills: "Re: Apache and home directories (file browser)."
- Reply: Andy Dills: "Re: Apache and home directories (file browser)."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 16 Feb 2004 21:44:38 +0000 To: Shawn Mitchell <shawnm@iodamedia.net>
On Mon, Feb 16, 2004 at 02:05:44PM -0600, Shawn Mitchell wrote:
> Their going to be logging in via a web interface (via HTTPS). From
> there they can upload files, delete, rename, etc, through their web
> browser.
Yes -- this is what I wanted :)
> Since all the files will have to be owned by the web services user
> (apache, wwwrun, nobody, whatever) so that the "legit" file management
> software can write/read/etc them, any software installed by Joe User,
> will have the same type of access.
This is also the worry I had. I've currently got Apache setup with
safe_mode enabled (but only for public_html dirs because I control the
rest of the scripts).
> Basically what he's asking, is how do you chroot VHOST's in apache.
> So that one vhost, can not access another vhosts files.
I think this is what I'm looking for, yes. Since I posted this I asked
some questions on IRC and somebody mentioned that Apache can be chrooted
to the uid of a script's owner (similar in a way to safe_mode in PHP).
This would surely then allow files to be read/written by Apache in a
secure fashion.
My worry here is that Apache would have to be running as root to
chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
that it is even possible to do this?)
Thanks very much,
-lewiz.
-- I was so much older then, I'm younger than that now. --Bob Dylan, 1964. ------------------------------------------------------------------------ -| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-
- application/pgp-signature attachment: stored
- Previous message: Shawn Mitchell: "RE: Apache and home directories (file browser)."
- In reply to: Shawn Mitchell: "RE: Apache and home directories (file browser)."
- Next in thread: Andy Dills: "Re: Apache and home directories (file browser)."
- Reply: Andy Dills: "Re: Apache and home directories (file browser)."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
