LinuxQuestions.org
Old 08-13-2009, 09:45 AM   #1
deploy_update
LQ Newbie
 
Registered: Aug 2009
Posts: 5

Rep: Reputation: 0
Apache rewrite for Virtual Hosts


I have just started working with our hosting servers and I have run into a problem. We have a LAMP server with cPanel to manage our hosting accounts.

If the host server has a domain dev1.hostserver.com

You can access any hosted account (virtual host) by using the virtual host's home dir (ex vhost1)

dev1.hostserver.com/~vhost1

This is the way it's intended to work for displaying that website.

But here is the problem we are running into.

When we attach a domain to the Vhost to get it out of development and push it live ... (www.vhost1-full-url.com)

You can use the ~ syntax to go to any other of our virtual host accounts if you know the user dir.

Ex: www.vhost1-full-url.com/~vhost2
www.vhost1-full-url.com/~vhost3 etc.

This to me is very bad. How can I prevent this from happening?
 
Old 08-13-2009, 10:19 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Run Apache as nobody


Code:
chmod 711 ~userdir
 
Old 08-13-2009, 11:41 AM   #3
deploy_update
LQ Newbie
 
Registered: Aug 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Thank you for the quick reply. The user dir is already set to 711 as well as the public_html. We use mod_php suPHP so that it will switch to the user when Apache loads the dir. You can still view any home dir from any of our vhost domain names with /~ if you know the home dir. This even works if the domain name is on a different IP because of an SSL (hosted on the same server).

Is there anything else I can do or try?
 
Old 08-14-2009, 02:51 AM   #4
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
If the directory is set to 711, a web user can change into it but not view anything. Oh ok, so Apache switches to the user, so it looks like it assumes the rwx part of the permissions.
Sounds pretty dangerous to me. A web user that can assume the id of a regular user. I think maybe SELinux can help here...
Not sure...
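
Added example, not part of any post in this thread: the `/~user` URLs described above are mod_userdir translations, and `UserDir disabled` inside a virtual host turns them off for that host. The hostnames reuse the thread's placeholders; the DocumentRoot path, the ports and the listed account names are assumptions.

```apache
# Constructed example. Hostnames are the thread's placeholders; the
# DocumentRoot path, ports and account names are assumed.

# Main server: no /~user translation by default. Each virtual host below
# still states its own setting explicitly instead of relying on inheritance.
<IfModule mod_userdir.c>
    UserDir disabled
</IfModule>

# Development host: the only name on which /~vhost1 style URLs resolve,
# and only for the accounts listed here.
<VirtualHost *:80>
    ServerName dev1.hostserver.com
    <IfModule mod_userdir.c>
        UserDir disabled
        UserDir enabled vhost1 vhost2 vhost3
        UserDir public_html
    </IfModule>
</VirtualHost>

# Live customer site: serves its own DocumentRoot and nothing else, so
# www.vhost1-full-url.com/~vhost2 is no longer mapped to another account.
<VirtualHost *:80>
    ServerName www.vhost1-full-url.com
    DocumentRoot /home/vhost1/public_html
    <IfModule mod_userdir.c>
        UserDir disabled
    </IfModule>
</VirtualHost>

# A site that also has an SSL virtual host on a dedicated IP needs the same
# directive in that <VirtualHost> block, since the thread reports /~ working
# there as well.
```

After `apachectl configtest` and a reload, a request for `/~vhost2/` on the live hostname should return 404 while the same path on dev1.hostserver.com still resolves. On a cPanel-managed server the virtual host configuration is generated, so apply the setting through cPanel's own configuration mechanism rather than by hand-editing the generated file.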
 
  

