[CentOS] Apache User Isolation/Perchild, or PHP "chroot"?
Barry Brimer
lists at brimer.org
Wed May 2 12:04:28 UTC 2007
> Has anyone set up any form of apache user isolation on CentOS? I have
> multiple virtual hosts on my machine, run by users who do not trust
> each other. The problem is that any php script run by apache is able to do
> things like raw file io on other users' .htpasswds, php scripts, hidden
> directory listings, and so on. Database passwords can even be divulged in
> this way, since they are often stored in .php scripts, which can be read
> "in the raw" as files by other php scripts.
>
> What is the easiest method for dealing with this? I found
> http://webauth.stanford.edu/manual/mod/perchild.html but it does not seem
> to be compiled with the CentOS 5 apache, and I've read elsewhere that php
> has issues with multithreaded apache. Is there any easy way to isolate
> individual users, by either having apache setuid, or chrooting php
> scripts, or (ugh) a clean way to run a new apache copy for each vhost?
There are a few links here discussing these issues. I have read them, but
not implemented them.
<http://www.linode.com/forums/viewtopic.php?t=2723>
Barry
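
To see how far the exposure described in the quoted question reaches on a given host, the following audit lists every file under a vhost root that the shared web server account can read. It is an added example, not part of either poster's message; the directory layout, file names and the web server uid are constructed, and only classic mode bits are evaluated (no ACLs or SELinux).

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, bit):
    """Classic Unix mode-bit check; ignores ACLs, SELinux and root override."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & bit)

def exposed_files(root, uid, gids):
    """Regular files under root that a process running as uid/gids can read."""
    hits, stack = [], [root]
    while stack:
        d = stack.pop()
        # Search (x) permission is enough to open a file whose name is known.
        if not allowed(os.stat(d), uid, gids, 1):
            continue
        for entry in os.scandir(d):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                stack.append(entry.path)
            elif stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, 4):
                hits.append(os.path.relpath(entry.path, root))
    return sorted(hits)

def demo():
    """Constructed tree: two vhost owners, audited as a hypothetical web server uid."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        sample = [  # (home mode, relative file path, file mode)
            (0o755, "alice/public_html/config.php", 0o644),
            (0o755, "alice/public_html/.htpasswd", 0o600),
            (0o700, "bob/public_html/db.php", 0o644),
        ]
        for home_mode, rel, file_mode in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            os.chmod(os.path.dirname(path), 0o755)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, file_mode)
            os.chmod(os.path.join(root, rel.split("/")[0]), home_mode)
        web_uid = os.stat(root).st_uid + 1  # stand-in for the shared apache uid
        return exposed_files(root, web_uid, set())

if __name__ == "__main__":
    print(demo())
```

Any file the web server must read to serve one vhost shows up here, and with a single shared uid it is equally readable by every other vhost's scripts.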