Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Jul 2007 19:13:13 +1200
From:      Josh <>
Subject:   ACL/MAC for shared host
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello there.

I have apache running php-cgi via fastcgi and suexec on a shared system. 
Each vhost has a SuexecUserGroup set to the user/group of normal system 
account ( which does not have shell access ) which owns the vhost.

Now. I was wondering what the best way of using MAC/ACL's to stop a 
uid:gid ( Suexec user/group ) from being able to run anything other than 
what php has to use, eg, so from php it cannot run system("ls /etc") or 
such like.

Anyone done this before?

It seems to be that not many people seem to care about php security on a 
shared host.

Any comments at all would be appriciated.

Cheers, Josh

Want to link to this message? Use this URL: <>