You miss understand. A user with ftp access only to a single virtual host can
upload a PHP shell to there web space. The PHP shell allows them to login with
a made up password they make. Once logged in to the PHP shell they are no
longer restricted by there FTP login permissions due to the fact
If a PHP Shell can be uploaded. http://phpshell.sourceforge.net/ Then any thing
www-data can do so can the shell user, As stated in my post about virtual hosts
seeing each others document roots.
- Original Message -
From: "ASAI"
To: users@httpd.apache.org
Sent: Saturday, March 19,
While the setup Jim decribes is similar to what I have setup, The issue still
remains when a user uploads a PHPSHELL to there docment root and access the
server through the uploaded shell they are no longer operating under the FTP
user account. They are operating under the www-data account which
I'm running Apache/2.2.12 (Ubuntu) Server. I thought I was running a separate
instance of httpd by having Listen configured twice in the ports.conf file. see
below.
I have two IP virtual hosts setup in the site-available
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerName we
I have apache2 running virtual hosts. Ive fingered out how to jail a user that
uploads files to the document root using jailkit and only allow SFTP access.
What I have not fingered out is how to keep a user from reading other files on
the system such as other virtual host document roots by uploa
