Hi *,
I use OpenBSD+Apache+Chroot for my webservices. The users can access
their vhosts by using scponly, which is chrooted into /var/www as
well.
/htdocs/www.example.net belongs to theuser:www and has the
permissions rwxr-x---.
The issue: If my users start to install a php-Filebrowser, they are
able to access the other Webdirectories and could read config.php,
because they are doing it with the permissions of the webserver.
Write access would be possible as well, since some parts need to have
write access.
I started to patch suExec to make it handle *.php and to make it
chroot-ready, but I wasn't successful so far. suPHP seems to have
issues with 1.3.29 and ordering new IP-addressese for having multible
webserver intances seems to be difficult.
Any hints appreciated,
Aiko
--
:wq
