| 1 |
On Thursday 02 August 2007 08:54:21 am Martin Gysel wrote: |
| 2 |
> I have a webserver running for multiple 'endusers'. No I want to give |
| 3 |
> some costumers access to certain files as user WEBSERVER for easy |
| 4 |
> editing configuration file owned by the webserver. |
| 5 |
> |
| 6 |
> it should do something like jail the user to |
| 7 |
> /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some |
| 8 |
> commands (rm, less, nano, etc) there as user WEBSERVER. |
| 9 |
|
| 10 |
As long as WEBSERVER isn't root, you should be able to use a combination of |
| 11 |
sudo/su and chroot. There are some ways to escape a chroot, but I *think* |
| 12 |
they all depend on being root inside the chroot, or exploiting other service |
| 13 |
running outside the chroot. (E.g. if connections from localhost |
| 14 |
are "trusted".) |
| 15 |
|
| 16 |
-- |
| 17 |
Boyd Stephen Smith Jr. ,= ,-_-. =. |
| 18 |
bss03@××××××××××.net ((_/)o o(\_)) |
| 19 |
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' |
| 20 |
http://iguanasuicide.org/ \_/ |
Archives