You may find Apache's suEXEC wrapper useful; it can be configured to be used inside a virtual host:

http://httpd.apache.org/docs/suexec.html

This won't work with PHP scripts if you have mod_php.so loaded (the PHP interpreter will run as the Apache user), but if load is not the problem you can run PHP scripts as CGIs using php4 as an external handler (maybe only in the locations where users' PHP scripts could be dangerous).

Have a look at:
http://www-pat.fnal.gov/cern/mipsabi.html
and:
http://www.psoft.net/HSdocumentation/sysadmin/php_installation.html

Just my two cents

Victor

On Tuesday 25 February 2003 10:15, debian-isp wrote:
> Hi all!
>
> I am just asking myself how to secure our webserver with a couple of
> virtual hosts. Currently we have a large installation of typo3 running. It
> has a feature called fileadmin with which you can easily upload files. As
> it is thereby possible to upload PHP scripts and execute them via the browser, it
> is in my opinion possible to access other users' files, as the webserver
> and the files all have the same user, needed by the system. Is there a way
> to secure this:
>
> - chrooting virtual hosts in apache?
> - running multiple instances of apache
> - some kind of security system with users and groups
> - using directory settings?
>
> Any ideas
>
> __________________________________________________________
> Nik Engel                      NETWAYS GmbH
> Senior Systems Engineer        Deutschherrnstr. 47a
> Fon.0911/92885-13              D-90429 Nürnberg
> Fax.0911/92885-33
> [EMAIL PROTECTED]               www.netways.de
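
A sketch of the setup suggested in the reply above, added here as an illustration and not taken from the thread or from either poster's configuration: one virtual host whose PHP scripts run as CGI through suEXEC under that customer's own account. The host name, the `customer1` account, all paths and the PHP CGI binary location are assumptions.

```apache
# Constructed example: names, paths and the account "customer1" are assumptions.
# Apache 2.x syntax. Apache 1.3 sets the suEXEC identity with the User and
# Group directives placed inside the <VirtualHost> block instead.
<VirtualHost *:80>
    ServerName   customer1.example.com
    DocumentRoot /var/www/customer1/htdocs

    # CGI programs requested through this vhost are started by the suEXEC
    # wrapper as customer1:customer1, not as the shared Apache user.
    SuexecUserGroup customer1 customer1

    # mod_php runs inside the Apache process as the Apache user, so it has
    # to be switched off here or .php files would bypass suEXEC entirely.
    <IfModule mod_php4.c>
        php_admin_flag engine off
    </IfModule>

    # Hand .php requests to a per-customer wrapper that suEXEC executes.
    ScriptAlias /cgi-bin/ /var/www/customer1/cgi-bin/
    AddHandler  php-cgi .php
    Action      php-cgi /cgi-bin/php-wrapper

    # The wrapper /var/www/customer1/cgi-bin/php-wrapper is a two-line script
    # (the binary path is an assumption, adjust to the installed CGI build):
    #   #!/bin/sh
    #   exec /usr/bin/php4-cgi
    #
    # suEXEC refuses to run it unless:
    #   - the wrapper and its directory are owned by customer1:customer1
    #   - neither is writable by group or others (mode 0755 or stricter)
    #   - both live below the document root compiled into suEXEC
    #   - the uid and gid are above suEXEC's compiled-in minimums

    # Keep the upload area from being served as scripts by anything else.
    <Directory /var/www/customer1/htdocs>
        Options -ExecCGI
        AllowOverride None
    </Directory>
</VirtualHost>
```

With one such block per customer, an uploaded PHP script executes with that customer's uid, so isolation between virtual hosts then depends on each customer's files not being readable or writable by other accounts.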