From: "Shlomi Fish" <[EMAIL PROTECTED]> > On Sat, 16 Mar 2002, Sagi Bashari wrote: > > > From: "mulix" <[EMAIL PROTECTED]> > > > > Well, Sagi proposed something that can be done with proftpd. Let's look > > > > into it first, and only then implement it as a CGI script. Are you OK > > with > > > > that? > > > > > > not entirely - i dont want a cgi script, and we already have an ftp > > > server installed - i dont want to maintain two of them. i'll look into > > > running another copy of whatever we have running in a chroot'd > > > environment later tonight. > > > > Just remember that if you just setup chroot'd ftp account, the user will > > still be able to run php/cgi scripts on the server unless you disable it in > > apache. > > > > Can we disable changing the permissions of a file in proftpd?
Probably, but that's not enough. PHP only needs to +r to execute. However, I'm pretty sure that you can block PHP/CGI access for specific path in Apache, or just allow/disallow uploading of specific file types in ProFTPD. Sagi ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
