1 |
Angel Freire wrote: |
2 |
> If VirtualHost A has some php files with an access mask like 777 (common |
3 |
> in hostings) and VirtualHost B 'guess' the VH A full dir it can trough |
4 |
> fopen or many other ways open these file. |
5 |
|
6 |
All I can say is, don't do this ever. It's better to use php-cgi with |
7 |
wrappers like suexec or cgiwrap. Also set homedirectories to sticky |
8 |
group flags and group to the group, apache is into. Don't add users to |
9 |
this group. Then they cannot write or read in these groups. |
10 |
2750 is the mode mask for homedirectories and 027 the umask for users. |
11 |
Then your provider should be safe and trustworthy. |
12 |
An alternative is, give users their own groups and add the apache user |
13 |
into these groups all. Then one doesn't need group sticky any more. |
14 |
Homedir flags should still be at 750. |