Mailing List Archive

Dynamically set open_basedir
Hi everybody,


I'm trying to provide users of the system with their own userdir with
php enabled. I installed mod_userdir and modified
/etc/apache2/mods-enabled/userdir.conf as follows:

<IfModule mod_userdir.c>
UserDir /var/www/public
UserDir disabled root

<Directory /var/www/public/*>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
</IfModule>

Of course I do have security concerns. The main one is preventing
/alice/ from creating a php file that is able to read from /bob/'s
webroot. /Alice/ cannot read /bob/'s webroot via filesystem since it's
owned by bob:www-data and she's not bob and also not a member of www-data.
But the server of course can.

I've seen something like

php_admin_value open_basedir .

which is promising but also prevents /alice/ from navigating her own
directories.

Is there any way to define the open basedir to /var/www/public/<username>?

I've seen php-fpm but I don't think it could fit: users could change
dynamically and it also uses a lot of memory(?).


Thanks in advance,

Marco
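
One way to get a per-user open_basedir with the setup described in the post, as an added example that is not part of the original message: generate one <Directory> block per user directory and include the output in the Apache configuration. It assumes mod_php (php_admin_value is a mod_php directive) and the /var/www/public layout from the post; the function names are hypothetical, and the output has to be regenerated and Apache reloaded whenever users change.

```shell
#!/bin/sh
# Added example: emit per-user open_basedir stanzas for mod_php.
# PUBLIC_ROOT follows the UserDir path in the post; function names are hypothetical.
LC_ALL=C; export LC_ALL            # make [a-z] ranges ASCII-only
PUBLIC_ROOT="${PUBLIC_ROOT:-/var/www/public}"

# Accept only conservative account-style names, so a directory name can
# never inject quotes, spaces or extra directives into the generated config.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the stanza for one user. The trailing slash names the directory
# itself, so "bob" does not also cover a sibling such as "bobby" on PHP
# versions that treat the value as a prefix.
emit_block() {
    user="$1"
    valid_user "$user" || return 1
    printf '<Directory "%s/%s">\n' "$PUBLIC_ROOT" "$user"
    printf '    php_admin_value open_basedir "%s/%s/"\n' "$PUBLIC_ROOT" "$user"
    printf '</Directory>\n'
}

# Walk the public root. Symlinked entries are skipped so a user cannot
# obtain a stanza whose path resolves into someone else's directory.
generate_all() {
    for dir in "$PUBLIC_ROOT"/*/; do
        dir="${dir%/}"
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        emit_block "${dir##*/}" || echo "skipped: ${dir##*/}" >&2
    done
}

# Usage (output path is an assumption):
#   generate_all > /etc/apache2/conf-available/userdir-basedir.conf
```

Because php_admin_value cannot be overridden from .htaccess or ini_set(), the AllowOverride line in the post does not let a user loosen the restriction.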