Hi,
same problem here.
We use for every domain.tld and vhost.domain.tld own users.
/var/www/ - can be owned by root
doamin.tld/vhosts/ - owned by the domain.tld
user , domain.tld group
vhostname (e.g. www) owned by
vhost user, domain.tld group
+1 for parent check as parameter
Maybe to avoid this security problem the docroot paramter should be able
to understand regex, so in our case a docroot=/var/www/*/vhosts would be
enough to strengthen security.
Rgds,
Hans
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
