lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


there was something like my problem in the list before [1], but I got a different problem with this.

Since we want to host different lua-websites on my server, we want to limit the users' script access to his own directory only.

For Example:
 - index.lua
 - index.lua
 - pass.lua

Currently it is possible with lua to do the following:[[../bar/pass.lua]]

So an other user is able to access this directory and its content. If all scripts would run with the same user account, he maybe would be even able to write the files!

Of course I am aware of the fact that you could use multiple accounts on windows or chroot on *nix (copying/symlinking the binaries, needed here), this would be lots of work for admins to create a new user.

The soloution at the post from September 2003 [1] is not what I wanted, because its possible to overwrite the functions again, or am I wrong? Is there any compile option or powerpatch available to add this base dir limit for scripts?

Kind regards,
 Jan (DracoBlue)