LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-08-2003, 08:38 PM   #1
hct224
Member
 
Registered: Jun 2003
Distribution: Redhat
Posts: 87

Rep: Reputation: 15
<HELP>Hosting virtual host on server


I have question about VHOST. Suppose I have 2 sites(named siteA & siteB), I want to put them in /home/allsites/siteA & /home/allsites/siteB inside each folder(siteA & siteB), I create 2 folders html and log. The html is the DocumentRoot and the error_log is where I store log file. Therfore, the httpd.conf configuration for virtual host will look like:
Code:
<VirtualHost *>
	DocumentRoot /home/allsites/siteA/html
	ServerName siteA.com
	ServerAlias www.siteA.com
	ErrorLog home/allsites/siteA/log/error_log
</VirtualHost>

<VirtualHost *>
	DocumentRoot /home/allsites/siteB/html
	ServerName siteB.com
	ServerAlias www.siteB.com
	ErrorLog home/allsites/siteB/log/error_log
</VirtualHost>
Now, I create 2 account userA for siteA and userB for siteB and they both have FTP access to their own site (/home/allsites/siteA & /home/allsites/siteB). I want userA & userB can only access to their site and they can not use any "hack script"(I mean *.php script) to access other directories or other sites which are on the same server. How do I setup httpd.conf file to do that job?

Thank you
 
Old 08-08-2003, 09:04 PM   #2
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
You don't. Your httpd.conf snippet looks good for apache. For FTP you would have to edit the config for FTP to "jail" them to their home directories and when you create the accounts assign /home/allsites/siteA or /home/allsites/siteB as their home dir.
 
Old 08-08-2003, 09:53 PM   #3
hct224
Member
 
Registered: Jun 2003
Distribution: Redhat
Posts: 87

Original Poster
Rep: Reputation: 15
Thanks for the reply. I set FTP account for these sites correctly. However, my friend just give me a php script and he told me upload to either siteA or siteB and lauch web browser and type(for example siteA) http://www.siteA.com/thescript.php and from there I can explore entire my server Is there anyway to bock that script? I tried to set upper folder(I mean folder allsites own by other user and I receive error 403 when I type http://www.siteA(or www.siteB).com i hear that someone say do "chroot jail" but don't know how.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
virtual hosting setenv02 Linux - General 6 05-05-2005 02:35 AM
Virtual Hosting Thom_Redhat Fedora 0 01-14-2005 07:26 AM
About Virtual Host of Apache Server tommyliu Linux - General 5 06-17-2004 10:49 AM
Virtual hosting... id10t Linux - Networking 4 02-02-2004 05:43 PM
Virtual Hosting joseph Linux - General 3 08-20-2003 04:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration