----- Original Message ----- From: "mulix" <[EMAIL PROTECTED]>
> On Mon, Mar 11, 2002 at 10:40:03AM +0200, Sagi Bashari wrote: > > > You can just give them chrooted FTP account, set the shell to /bin/false, > > and disable PHP/CGI for those accounts, > > > > That way they'll only be able to upload static content , and not run > > anything on the server. > > is there a way to allow running dynamic content (i think php was > requested) without jeopardizing the server? You don't really jeopardizing the server, but they'll be able to read files and run commands as the user that apache runs on (apache/nobody). But they'll also be able to read other php/perl scripts, get the database settings, and than do whatever they want on the database, for example. PHP has "safe mode" feature that lets them only read files that they own, but last time I tried it it didnt work very well (it still created new files as nobody, for example). Another option , is running a virtual server with their own httpd server on it. However, you'll also need to allocate another IP address for that. Sagi ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
