Recommended way to restrict Apache users

Posted by Dor on Server Fault See other posts from Server Fault or by Dor
Published on 2011-02-06T20:31:42Z Indexed on 2011/02/06 23:29 UTC
Read the original article Hit count: 293

Filed under:
|
|

Following on why should we restrict Apache users, another two questions arises:

  1. What is the recommended method of restricting the places Apache users can traverse & read in the file system?
  2. What to do against fork bombs and other shell scripting problems? (bash scripting is allowed)

My possible solutions (I prefer to know which solution you choose and why):

  1. chroot OR mod_chroot
  2. disable bash OR use Restricted BASH

Please offer another solutions if you find appropriate. (perhaps selinux is?)

Current status:

  • Users are allowed to executed bash scripts (via PHP for example)
  • suexec is active
  • Apache requested are served with FastCGI for PHP

© Server Fault or respective owner

Related posts about linux

Related posts about apache