Almir Karic wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there are?
AFAIK chroot is not the correct answer to my question as it protects
the rest of the system from being exploited if one of the sites gets
cracked but it can't protect one site from another...
use a systrace-d shell, stsh. kind of a pain to get all the systrace
policies in place, but very effective at achieving what you're after.
cheers,
jake
