View Single Post
  #3  
Old 20th June 2009, 06:13
exabytes18 exabytes18 is offline
Junior Member
 
Join Date: Jun 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Does that leave permissions to restrict access then? I'm not exactly sure how this works, so bare with me.

So, apache runs as usual. When a php script is executed, apache calls suphp (or suexec) which launches php under the respective user id. PHP then interprets the script. Now assuming permissions are set somewhat intelligently, doesn't that leave some "sensitive" files readable like /etc/passwd and the like?

I like the peace of mind of knowing that users are jailed within their directory and able to frolic all they want without harming any part of the system. Is there anyway to provide this level of security within ISPConfig?

Thanks,
Matt
Reply With Quote