Hi all,
I am trying to set up a dedicated Ruby on Rails server on Debian Sarge,
with Apache 2 and mod_fcgid. There are 2-3 applications on this server,
using virtual hosts. For now, everything works fine.
However, I would like to secure this a little bit more. What I would
like is to prevent one of the web apps to run a shell command to read
one of the other app''s source file, or worse, modify it. With PHP,
there
was basedir which did the job if I remember correctly.
So, what I would like is a way to ''chroot'' all fcgid process
from one
app to the app''s directory. Could suexec do the job? I
couldn''t find any
tutorial... I don''t really need the fcgid process to be run as a
special
user, I just need it to be unable to access what it should not access.
Thank you in advance ;-)
Nauhaie
--
Posted via http://www.ruby-forum.com/.
