I have apache2 running virtual hosts. Ive fingered out how to jail a user that uploads files to the document root using jailkit and only allow SFTP access. What I have not fingered out is how to keep a user from reading other files on the system such as other virtual host document roots by uploading a phpshell which runs under the www-data user which is not jailed.
I could jail the www-data account but this would not prevent one virtual host from seeing another using a phpshell since they would be in the same jail. what I think I need to do is run each virtural host under a different user account so I can jail each separate. How would I set this up? can virtual hosts be run with different user accounts? The reasoning behind this is I want to protect the PHP scripts from being viewed. Any suggestions or ideals if so send me some links to point me in the right direction. Thanks Aaron
