Hello On Tue, Feb 25, 2003 at 10:15:15AM +0100, debian-isp wrote: > - chrooting virtual hosts in apache ?
We had great success with a tiny tool called sbox. All CGI/PHP requests are rewritten to "/cgi-bin/sbox?..." This sbox then looks to the files owner and changes it's uid to the one (if it's !=0). It also chroot's to the DocumentRoot. As PHP is run as CGI as well, everything except plain .html is executed with the uid of the ftp root's owner. This is by far the most secure (PHP-capable) setup I know. Except user-mode-linux maybe :) Some limitations: - .shtml and some .htaccess options are not allowed though, but you can live without. - PHP will be slower of course but fast hardware is cheap enough. bye, -christian- P.S.: Look at the archives, we had this discussion some times now..
