Recommended way to restrict Apache users

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Dor on Server Fault See other posts from Server Fault or by Dor
Published on 2011-02-06T20:31:42Z Indexed on 2011/02/06 23:29 UTC
Read the original article Hit count: 289

Filed under:
|
|

Following on why should we restrict Apache users, another two questions arises:

  1. What is the recommended method of restricting the places Apache users can traverse & read in the file system?
  2. What to do against fork bombs and other shell scripting problems? (bash scripting is allowed)

My possible solutions (I prefer to know which solution you choose and why):

  1. chroot OR mod_chroot
  2. disable bash OR use Restricted BASH

Please offer another solutions if you find appropriate. (perhaps selinux is?)

Current status:

  • Users are allowed to executed bash scripts (via PHP for example)
  • suexec is active
  • Apache requested are served with FastCGI for PHP

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about linux

Related posts about apache

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle