TLUG Mailing List

Mailing List Archive

tlug.jp Mailing List tlug archive tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Prevent access shared server using PHP

Date: Wed, 02 Mar 2011 00:01:20 +0900

From: Pietro Zuco <pietro@example.com>

Subject: [tlug] Prevent access shared server using PHP

Organization: zuco.org

User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
Hi there

I got a VPS server with some limitations but it's cheap and powerful :)
I can't setup SElinux, I can't create encrypted file systems and I can'tcreate nested virtual instances on it.
The same server will be used as production and pre-prod, so developerswill be able to login by ssh/sftp/svn to update webfiles only. They arefree to do whatever they want on pre-prod sites but final changes onproduction will be done by me.
My concern is about PHP. It's easy to restrict users access to certainfolders by a good group/permission policy and also ssh-jail them butApache will be the final user of those PHP scripts and Apache userdoesn't have the same restrictions as a limited user. It can browsewhatever is browsable for a common generic user.
Any suggestion to prevent this scenario?

Thanks!

Cheers

Pietro


--
- Pietro Zuco

- http://zuco.org
- http://freelex.eu
- Twitter: @drzuco
Follow-Ups:

Re: [tlug] Prevent access shared server using PHP
From: Darren Cook

Re: [tlug] Prevent access shared server using PHP
From: Edmund Edgar

Re: [tlug] Prevent access shared server using PHP
From: Edward Middleton

Re: [tlug] Prevent access shared server using PHP
From: Francois Cartegnie

Prev by Date: Re: [tlug] Coverity Scan

Next by Date: Re: [tlug] Prevent access shared server using PHP

Previous by thread: Re: [tlug] Coverity Scan

Next by thread: Re: [tlug] Prevent access shared server using PHP

Index(es):

Date

Thread

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links