1 |
On Thursday 02 August 2007 08:54:21 am Martin Gysel wrote: |
2 |
> I have a webserver running for multiple 'endusers'. No I want to give |
3 |
> some costumers access to certain files as user WEBSERVER for easy |
4 |
> editing configuration file owned by the webserver. |
5 |
> |
6 |
> it should do something like jail the user to |
7 |
> /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some |
8 |
> commands (rm, less, nano, etc) there as user WEBSERVER. |
9 |
|
10 |
As long as WEBSERVER isn't root, you should be able to use a combination of |
11 |
sudo/su and chroot. There are some ways to escape a chroot, but I *think* |
12 |
they all depend on being root inside the chroot, or exploiting other service |
13 |
running outside the chroot. (E.g. if connections from localhost |
14 |
are "trusted".) |
15 |
|
16 |
-- |
17 |
Boyd Stephen Smith Jr. ,= ,-_-. =. |
18 |
bss03@××××××××××.net ((_/)o o(\_)) |
19 |
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' |
20 |
http://iguanasuicide.org/ \_/ |