Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Users' WWW servers setup
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Fri, 1 Feb 2002 00:44:05 -0700
  • Message-id: <007b01c1aaf4$39908800$6400030a@xxxxxxxxxxxx>
Cool. Can I buy an account? hint: server side includes, suexec...... Really
really bad idea to let users modify a config for something that starts life
running as root. Plus I could "steal" other user's sites possibly, break the
config, etc. Keep the conf files in a location only you can modify (why the
heck would you let users modify their stuff anyways?).


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----- Original Message -----
From: "Boris Kimel" <kimel@xxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, February 01, 2002 12:43 AM
Subject: [suse-security] Users' WWW servers setup


> Hello suse-security List Members,
>
> Our SuSE box users want to have their own virtual www-servers. I've
> set up ProFTPD with chroot to user's home directory. The probable
> setup for the www will be using /home/<user>/www/ structure, where I
> intend to put a small config file (included into main apache config)
> and the log files will be there too. Will I face any security issues
> with such a setup? Are there any other approaches?
>
> --
> Best regards,
> Boris mailto:kimel@xxxxxxx
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
References