Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 13th November 2009, 03:09
snowfly snowfly is offline
Join Date: Jul 2006
Posts: 93
Thanks: 0
Thanked 7 Times in 5 Posts
Exclamation Apache2 virtual users and Chroot?

Anyone know if its possible to use virtual users (and virtualhosts) and chroot?

Currently I run multiple sites, using apache2, all under the same user (www-data).
And each virtualhost has:
php_admin_value open_basedir /xx/yy/user/zz

This is great for stopping users running php code on their site to try and read/write to other files outside their basedir.

BUT.... There is a big BUT....
This does not stop users uploading perl scripts (or similar), which can run, and of course read/write to files outside basedir, as the open_basedir is only for php scripts.

So in any perl, cgi, or whatever scripts, the user could potentionally cause major issues by running system commands that read, edit, or delete other files that exist under other virtualhosts!

So is it possible to run some sort of chroot inside each VirtualHost?
I looked at mod_chroot, but doesn't look possible.

Any suggestions?

Ideally I would like to stay using virtual users, instead of going down the path of creating system users for each site, normal apache chroot, etc.

Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner,Mailwatch CentOS 5.2 tecstream HOWTO-Related Questions 3 16th July 2008 23:10
Howto add programes to chroot users? badgerbox76 Server Operation 7 8th April 2008 23:21
Virtual users and domains... connection refused when testing w/ localhost Postman HOWTO-Related Questions 1 15th February 2007 11:02
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs mholownych HOWTO-Related Questions 10 29th May 2006 04:39
ssh chroot works, but no scp for chroot users zokahn HOWTO-Related Questions 5 30th January 2006 10:33

All times are GMT +2. The time now is 15:55.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.