logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: confine directories
Author
DeliriumServers



Joined: 17 Jun 2006
Posts: 54
Location: H Town
PostPosted: Sun 23 Jul '06 7:23    Post subject: confine directories Reply with quote
Ok, I have mod_vd working, but now I need to find out how to limit directories. I have domain folders inside of net,com,org folders. These domain folders should not be allowed to interect with each other. Say a client uploads a file management script, they should not be able to access the other user folders, or write to them in any way. I have my php base directory set to the directory holding the net,com,org folders. I think this would be a job for mod_security, but I have no idea how to do it.

Thanks!
Delirium
Back to top
pnllan



Joined: 05 Dec 2005
Posts: 221
PostPosted: Sun 23 Jul '06 8:48    Post subject: Reply with quote
Here's a fairly well written page from the Apache manual:

http://httpd.apache.org/docs/2.2/howto/auth.html

The information on this page will give you the basics

After reading the info on that page check out the section Authorization (Related Modules and Directives | Authorization (see the Require directive)) near top of the page, and read about the capabilities of the various mods listed. I don't know if mod-security is the right way to go or not - maybe someone else can comment on it's use in a situation like this.
Back to top
DeliriumServers



Joined: 17 Jun 2006
Posts: 54
Location: H Town
PostPosted: Sun 23 Jul '06 18:32    Post subject: thanks Reply with quote
thanks, I gave the page a read.

however, that looks like passwording and creating users for directories. I'm looking for something that will prevent scripts from escaping their directories and affecting other folders.

thanks.
delirium
Back to top
DeliriumServers



Joined: 17 Jun 2006
Posts: 54
Location: H Town
PostPosted: Mon 31 Jul '06 22:42    Post subject: Reply with quote
bump?

Admin note:
We are not "bumping" here. In no way can we press Apacherians to help.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7294
Location: Germany, Next to Hamburg
PostPosted: Mon 31 Jul '06 23:08    Post subject: Re: thanks Reply with quote
DeliriumServers wrote:

I'm looking for something that will prevent scripts from escaping their directories and affecting other folders.


Than you should ask in a forum for your scripting language. if you code your self, you can prevent that by coding. If others code there are different solutions.
e.g. For PHP you can set open_basedir in php.ini
DeliriumServers wrote:

bump?

Sorry that we help in your rare spare time.... Wink
Back to top
DeliriumServers



Joined: 17 Jun 2006
Posts: 54
Location: H Town
PostPosted: Mon 31 Jul '06 23:27    Post subject: Reply with quote
Sorry about any rudeness. I was just wondering if anyone knew how to do this. I decided to ask here because I was not looking for a language specific directive but one that would control all scripts running through apache.

Thank you for your time,
Delirium

I will note in the future that bump is an offensive thing.
Back to top


Reply to topic   Topic: confine directories View previous topic :: View next topic
Post new topic   Forum Index -> Apache