On Thursday 02 August 2007 08:54:21 am Martin Gysel wrote: > I have a webserver running for multiple 'endusers'. No I want to give > some costumers access to certain files as user WEBSERVER for easy > editing configuration file owned by the webserver. > > it should do something like jail the user to > /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some > commands (rm, less, nano, etc) there as user WEBSERVER.
As long as WEBSERVER isn't root, you should be able to use a combination of sudo/su and chroot. There are some ways to escape a chroot, but I *think* they all depend on being root inside the chroot, or exploiting other service running outside the chroot. (E.g. if connections from localhost are "trusted".) -- Boyd Stephen Smith Jr. ,= ,-_-. =. [EMAIL PROTECTED] ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/
pgpOJywobtH7X.pgp
Description: PGP signature
