PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




Posted: Sun Oct 04, 2009 11:16 pm
Forum Newbie

Joined: Fri Sep 04, 2009 11:43 pm
Posts: 18
Location: Canton.China
Hi all, I am configuring my vhost system. When users register and apply for a virtual host space, they get FTP and MySQL accounts, and they are also able to run websites on my server, which is based on LAMP and pure-ftpd on Ubuntu Server 8.04.
But a system security problem appears when I do the following steps.
First, I apply for a vhost space named "test" on the server.
Second, I upload a file hack.php to the space.
Last, I edit hack.php:
<?php
// clear the umask so the 0777 mode below is applied unchanged
umask(0);
// create a world-writable directory directly under /var/www
mkdir("/var/www/foolish",0777);
?>
When I run this script by typing "test.domain.com/hack.php" in my browser, a folder named "foolish" appears in my DocumentRoot.
What should I do about distributing permissions between my apache2 and pure-ftpd users? I hope someone can help me, thanks! :o


 
Posted: Tue Oct 06, 2009 3:52 am
Forum Newbie

Joined: Fri Sep 04, 2009 11:43 pm
Posts: 18
Location: Canton.China
Does nobody know how to deal with this? :(


 
Posted: Tue Oct 06, 2009 3:37 pm
Forum Commoner

Joined: Mon Aug 10, 2009 8:32 am
Posts: 85
Location: South East, UK
I've spent a few minutes on Google and not found a quick and easy solution: it doesn't look like you can have a different user running each vhost in a single apache installation. (But I could be wrong.)
So I think you'd have to go with multiple daemons, each running as the user whose access you want to limit.


 
Posted: Wed Oct 07, 2009 12:20 am
Forum Newbie

Joined: Fri Sep 04, 2009 11:43 pm
Posts: 18
Location: Canton.China
Thanks robnet,
After doing a lot of homework on it, I've found that Apache's suEXEC module can help me. This module can "have Apache execute CGI scripts as the owner of the script". I suggest you have a look at it. :D


 
Posted: Fri Oct 23, 2009 11:19 pm
Forum Newbie

Joined: Thu Jan 15, 2009 7:05 am
Posts: 19
Or you can apply an open_basedir restriction in your PHP configuration to limit the accessible directories.
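
The open_basedir suggestion above, written out per virtual host as an added example (not posted by anyone in the thread). It assumes PHP runs as the Apache module (mod_php5) and that the "test" account's files live under /var/www/vhosts/test/, a path layout that does not appear in the thread.

```apache
# Added example. Assumed layout (not from the thread):
#   /var/www/vhosts/test/htdocs  - files uploaded over FTP
#   /var/www/vhosts/test/tmp     - per-account upload/session directory

# Before: no per-vhost limit. PHP in any vhost can reach every path the
# Apache user can, which is how hack.php wrote to /var/www.
#
# <VirtualHost *:80>
#     ServerName test.domain.com
#     DocumentRoot /var/www/vhosts/test/htdocs
# </VirtualHost>

# After: PHP file functions in this vhost are confined to its own tree.
<VirtualHost *:80>
    ServerName test.domain.com
    DocumentRoot /var/www/vhosts/test/htdocs

    <IfModule mod_php5.c>
        # php_admin_value cannot be overridden from .htaccess or ini_set().
        # Keep the trailing slash: older PHP releases compare the value as a
        # string prefix, so "/var/www/vhosts/test" would also allow
        # "/var/www/vhosts/test2".
        php_admin_value open_basedir "/var/www/vhosts/test/"

        # Uploads and session files must also sit inside the allowed tree,
        # otherwise file uploads and session_start() fail.
        php_admin_value upload_tmp_dir "/var/www/vhosts/test/tmp"
        php_admin_value session.save_path "/var/www/vhosts/test/tmp"
    </IfModule>
</VirtualHost>
```

With this in place the mkdir("/var/www/foolish") call from the first post is refused with an open_basedir warning. The directive only limits PHP's own file functions, so the ownership and mode of /var/www still decide what the Apache user can write.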


 