Hey,
I have a problem regarding suPHP or my apache setup/design.
I'm trying to set up an ISP-style mass-webhosting solution (one server, several
webspaces). Each user gets his own system-user and home folder. No user should
be able to read the other users' home folders (webspace). It should look like this:
0750 user1:www-data user1
0640 user1:www-data user1/test.php
0750 user2:www-data user2
0640 user2:www-data user2/secretpw.php
0640 user2:www-data user2/normal.html
The group-owner www-data is needed for apache, so that it can read normal
*.html pages.
Ok, now when somebody goes to test.php ... apache calls suphp, and suphp
executes the php-instance with the permissions user:user1 group:www-data. This
works! But now I can also do a "cat ../user2/secretpw.php" and see the other
users php-file because php is running with group:www-data...
So what did I do wrong? Where is my design failure? How can I fix this?
Is it possible with suphp only to take over the file-user-permissions?
What security-measures would you generally suggest for my configuration?
I'm really stuck here and there does not seem to be much information about this
on the internet.
Thank you very much for your help,
Kurt
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
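
The permission check behind the problem described in the message above, as an added example that is not part of the original post: it models the POSIX owner/group/other decision over the posted layout and lists which files of other users a PHP process can read. The function names, the in-memory tree and the private-group comparison are assumptions made for illustration; root is not modelled.

```python
from typing import NamedTuple

class Node(NamedTuple):
    mode: int      # permission bits, e.g. 0o750
    owner: str
    group: str
    is_dir: bool

# Layout from the post (constructed model, no real filesystem is touched).
TREE = {
    "user1": Node(0o750, "user1", "www-data", True),
    "user1/test.php": Node(0o640, "user1", "www-data", False),
    "user2": Node(0o750, "user2", "www-data", True),
    "user2/secretpw.php": Node(0o640, "user2", "www-data", False),
    "user2/normal.html": Node(0o640, "user2", "www-data", False),
}

def _allowed(node, user, groups, want):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if user == node.owner:
        bits = node.mode >> 6
    elif node.group in groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return ((bits & 0o7) & want) == want

def can_read(path, user, groups, tree=TREE):
    """True if the process may traverse every parent dir and read the file."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        parent = tree["/".join(parts[:i])]
        if not _allowed(parent, user, groups, 0o1):  # search (x) on directory
            return False
    return _allowed(tree[path], user, groups, 0o4)   # read (r) on file

def cross_tenant_reads(user, groups, tree=TREE):
    """Files owned by someone else that this process can still read."""
    return sorted(p for p, n in tree.items()
                  if not n.is_dir and n.owner != user
                  and can_read(p, user, groups, tree))

if __name__ == "__main__":
    # PHP as described in the post: user1 with group www-data.
    print(cross_tenant_reads("user1", {"www-data"}))
    # Hypothetical comparison: same user, but only a private group.
    print(cross_tenant_reads("user1", {"user1"}))
```

The same group bit that lets apache read user2's files is what the user1 PHP process inherits, so the exposure follows from the shared group rather than from the file modes alone.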