Re: Apache+PHP+ftp security
From: Mailinglists Address (mailinglist_at_expresshosting.net)
Date: Tue, 29 Mar 2005 22:15:46 -0600 To: abend <email@example.com>
>In order to solve my problem, my questions are:
>- Can i run apache's child processes with an arbitrary user
>(configured in a VirtualHost basis)? This solve the second problem,
>but is this a good idea?
>- Does anyone know how to do the first configuration works as
>expected? This solves the problem (safe_mode not needed).
>- any other ideas?
As someone else has already suggested, proftpd already provides an
excellent chroot enviroment for ftp (and also does not require
duplicated binaries as some old versions of ftpd required; wu-ftpd comes
to mind). Couple that with the fact that you can also configure proftpd
to allow users with invalid shells to login to ftp while preventing
login to other services (ssh, telnet, etc.) it seems like a good fit.
DefaultRoot ~ groupname
Couple that solution with correct usage of PHP's open_basedir within the
vhost's configuration in apache and that should provide you the level of
seperation you are looking for.
php_admin_value open_basedir "/home/example/:/tmp"
Also as an additional security measure you might want to mount your /tmp
as a partition set with noexec to prevent any of your clients from using
an application that has potential remote exploits in circulation (a
certain combination of PHPNuke with the Coppermine gallery has
personally caused me some problems last year on a vhost server).
Some things I thought I would pass along.