* Aiko Barz <[EMAIL PROTECTED]> [2006-09-28 10:59]: > Hi *, > > I use OpenBSD+Apache+Chroot for my webservices. The users can access > their vhosts by using scponly, which is chrooted into /var/www as > well. > /htdocs/www.example.net belongs to theuser:www and has the > permissions rwxr-x---. > > The issue: If my users start to install a php-Filebrowser, they are > able to access the other Webdirectories and could read config.php, > because they are doing it with the permissions of the webserver.
php safe mode and basedir (set per vhost of course) can help there. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
