Contributed by jose on from the httpland-security dept.
I hope it's right I can ask through this way to the visitors of deadly.org a question: can OpenBSD be used for an ISP environment? For example, is it possible to fully use CGI in the chrooted apache, and just all the other things you need as an ISP? It is off course also very important users can't read each others files with php/cgi.
I think one of the biggest questions is: should I run apache chrooted or not?
If it is possible to use it in an ISP environment, does somebody maybe have a nice collection of documents which is completely dedicated to this topic?" As suggested in the http chroot FAQ , some users will probably want to disable the chroot functionality of httpd to enable their cgi-bin programs to work. However, this defeats a significant portion of the security for this kind of setup. Anyone care to share their recipes for setups like PHP, Perl, and other cgi-bin content keeping httpd chroot enabled?
(Comments are closed)