Recommended way to restrict Apache users
Posted
by
Dor
on Server Fault
See other posts from Server Fault
or by Dor
Published on 2011-02-06T20:31:42Z
Indexed on
2011/02/06
23:29 UTC
Read the original article
Hit count: 293
Following on why should we restrict Apache users, another two questions arises:
- What is the recommended method of restricting the places Apache users can traverse & read in the file system?
- What to do against fork bombs and other shell scripting problems? (bash scripting is allowed)
My possible solutions (I prefer to know which solution you choose and why):
- chroot OR mod_chroot
- disable bash OR use Restricted BASH
Please offer another solutions if you find appropriate. (perhaps selinux is?)
Current status:
- Users are allowed to executed bash scripts (via PHP for example)
- suexec is active
- Apache requested are served with FastCGI for PHP
© Server Fault or respective owner