Hello, I'm helping someone to install a webserver, and we're trying to make it a little secure. It's a Woody with Apache 1.3.26 and PHP 4.1.2. For the users we have a ProFTPd with mod_sql (the users are in the database).
Currently all the sites are set to user www-data, and when the users access with FTP they are chrooted to their directory. My friend wants me to activate quotas for every site. So I think I must set each site with a real user as owner of the files. But with this, as Apache is launched as www-data, users must set their directory to 701 and files to 604, am I right?

But in PHP, if they try to access other users' files, possibly with some password in them... they are able to. What kind of security can I use to avoid this? Can we chroot PHP? (Yes, I know it's a strange sentence :)

Thanks for helping me, and sorry for my (very) bad English.

--
StarK - Abris 13 - Confrérie Dioxygen
IRCNet : #O2
[EMAIL PROTECTED] / [EMAIL PROTECTED]
abris13.org / http://www.dioxygen.net/