I think you can setup chrooted logins for uploading files: your chroot will run sshd (proftpd?) and users will have their homes in chroot to. Play with home directory permisions so they have no possibility access files they don't own.
Another way is let people upload files to other location than your chroot. So users will upload files, and your script every 5 min. will copy files to right location on your chroot. But then you need "smart" script which will not copy files in time of upload, I mean you need some lock-file system. Regards, Martynas An, 2003-02-25 11:15, debian-isp rašė: > Hi all ! > > I am just asking myself how to secure our webserver with a couple of virtual hosts. > Currently we have a large installation of typo3 running. It has a feature called > fileadmin with which you can easily upload files. As it is thereby possible to > upload php scripts and execute via the browser it is to my opionion possible to > access other users files. As the webserver and the files all have the same user, > needed by the system. > Is there a way to secure this: > > - chrooting virtual hosts in apache ? > - running multiple instances of apache > - some kind of security system with users and groups > - using directory settings ? > > Any ideas > > __________________________________________________________ > Nik Engel NETWAYS GmbH > Senior Systems Engineer Deutschherrnstr. 47a > Fon.0911/92885-13 D-90429 Nürnberg > Fax.0911/92885-33 > [EMAIL PROTECTED] www.netways.de > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
