Cool. Can I buy an account? hint: server side includes, suexec...... Really
really bad idea to let users modify a config for something that starts life
running as root. Plus I could "steal" other user's sites possibly, break the
config, etc. Keep the conf files in a location only you can modify (why the
heck would you let users modify their stuff anyways?).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
----- Original Message -----
From: "Boris Kimel"
Hello suse-security List Members,
Our SuSE box users want to have their own virtual www-servers. I've set up ProFTPD with chroot to user's home directory. The probable setup for the www will be using /home/<user>/www/ structure, where I intend to put a small config file (included into main apache config) and the log files will be there too. Will I face any security issues with such a setup? Are there any other approaches?
-- Best regards, Boris mailto:kimel@1303.ru
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com