Would it be a problem to use mod_ruid with the interworx setup?
Are there also plans to chroot/jail every user?
Is it possible to set the umask on an interworx system by default at 600 for every new file and 700 for every new map?
So to include a command in the chroot env you have to use jk_cp
Normaly in a chroot env like this users can’t go away of the chroot env but as home is in the chroot, it means users might still look for others users’ file with php, but can’t run command not allow in the chroot (maybe false with this point)
Reason I’m asking is because one of our server was defaced. Every file that had main, home, default or index in a part of the filename on the entire system was defaced. So also core system files (outside the /home dir). It was a combination of a bug in a joomla module and the reason why the iworx team made a new kernel: http://www.interworx.com/forums/showthread.php?t=1530
Luckly we make rsync backups every day, so we could get everything working again, also with the help of the interworx team.
Could you tell me what do you like in mod_ruid ?
Does it run also php script under the uid/gid of the owner of the script ? is thta right ?
Advantage for you ? inconvenient ?
if you set the umask standard to 600 for files and 700 for directories and when you use mod_ruid than this prevents that users can overwrite files from each other.
So that hackers have “less fun” when they hack only one website.
Other advantage is that when a user installs a script, then chmod some files to 777 since apache has to get write privelages, the owner changes to apache and then the user can’t delete the files and maps and we have to delete these files for them.
[QUOTE=WebXtrA;9695]if you set the umask standard to 600 for files and 700 for directories and when you use mod_ruid than this prevents that users can overwrite files from each other.
So that hackers have “less fun” when they hack only one website.
Other advantage is that when a user installs a script, then chmod some files to 777 since apache has to get write privelages, the owner changes to apache and then the user can’t delete the files and maps and we have to delete these files for them.
That are the two main advantages.
Sorry for my late reply, was out of the office.
-R?mon[/QUOTE]
But do you run php as module or as cgi ?
Does it mean that the php script are run under the uid/gid of the owner of php script ?
I mean, normally you have to give read authority to all for a php script to able apache user to read and execute this script. With mod_ruid you mean that you can have a php script (and php as module) set to 600 ?