swiep
08-16-2006, 05:14 PM
Hi,
In a default DA installation it is possible for a user to run a simple php script inside his public_html directory whic can explore alot of server logs and even write to some.
How can i make sure a user is not allowed to run a script which accesses files outside his home directory?
Besides chmodding it to ??0 and making sure that users that need something are put into a group, how can you deal with programs you aren't sure of what access levels they should have?
For instance the mail related logs are things that can easily be 'secured' if you know which 'user/process' should have access.
I guess a better restriction should come from PHP but i am not sure how to handle this. Not requiring an instant and 'out-of-the-box' solution but merely a brainstorm since it just isn't something alot over here can handle by themselves.
Thanks for any reply you may have :)
I know there are alot of discussions about it already on this forum so i'll just make a list of relevant ones:
http://www.directadmin.com/forum/showthread.php?s=&threadid=2906&highlight=basedir
In a default DA installation it is possible for a user to run a simple php script inside his public_html directory whic can explore alot of server logs and even write to some.
How can i make sure a user is not allowed to run a script which accesses files outside his home directory?
Besides chmodding it to ??0 and making sure that users that need something are put into a group, how can you deal with programs you aren't sure of what access levels they should have?
For instance the mail related logs are things that can easily be 'secured' if you know which 'user/process' should have access.
I guess a better restriction should come from PHP but i am not sure how to handle this. Not requiring an instant and 'out-of-the-box' solution but merely a brainstorm since it just isn't something alot over here can handle by themselves.
Thanks for any reply you may have :)
I know there are alot of discussions about it already on this forum so i'll just make a list of relevant ones:
http://www.directadmin.com/forum/showthread.php?s=&threadid=2906&highlight=basedir