Security Basics mailing list archives
Apache: limiting the execution place
From: "Nebi Gurbanov" <nebi () itu edu tr>
Date: Mon, 16 Jun 2003 16:39:45 +0300
Greetings, I want to know your opinions for the case below; I have severel users whose home directories lay in /home directory . Each user has a public_html directory in his/her home directory ,like ; /home/user_name/public_html Permissions of directories "user_name" and "public_html" must be at least 701 , so that web pages can be viewed . But there is another case , any of the users can "cd" to parent directory (/home in this case) , and then to "another_usersname" directory (which is home directory of any other user), and then to public_html and can view all the readable file in public_html (even in "another_usersname" directory). It can also be done via php and cgi (Ok,I know setting "safe mode on" in php will prevent it, but I want a global solution). What I want to do is preventing one user from getting into another user's home directory and reading his/her files . Has anybody ever made a design that does the thing I want to have !? Thanx .. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Apache: limiting the execution place Nebi Gurbanov (Jun 16)
- Re: Apache: limiting the execution place Chris Ess (Jun 16)
- Re: Apache: limiting the execution place Boris Dragovic (Jun 16)
- Re: Apache: limiting the execution place exon (Jun 17)
- Re: Apache: limiting the execution place Jonas Acres (Jun 17)
- Re: Apache: limiting the execution place exon (Jun 18)
- Re: Apache: limiting the execution place Tim Greer (Jun 18)
- Re: Apache: limiting the execution place Tim Greer (Jun 17)
- Re: Apache: limiting the execution place Chris Ess (Jun 16)