
Re: enabling suexec with debian apache [solved]




On Sat, 26 Feb 2000, Adam Shand wrote:

> 
> > And how can you set up /home/<user>/cgi-bin to be web-executable if you
> > cannot describe it with a web url?
> 
> that's what aliases and scriptaliases are for.  you would put in their
> virtualhost config (or just change the pathing in cgiwrap's source) something
> like this:
> 
> ScriptAlias /cgi-bin/ /home/user/cgi-bin/
> 
> think about it, debian's default cgi-bin isn't describable with a url.  the
> doc root is /var/www and the default cgi-bin is /usr/lib/cgi-bin.

That involves creating a virtual host for every user.

I was asking whether ~user/cgi-bin can be made to be not under
/home/user/public_html/cgi-bin but /home/user/cgi-bin.

> 
> > - how can I protect data files from being read from the filesystem,
> > which should be readable from the web, but only after authentication?
> > Since they should be http-served, they should be world-readable... Then
> > how can I prevent anyone from reading them on the webserver system
> > itself?
> 
> what we do is have the doc root set up like this:
> 
> ryumin(larry)$ ls -ld /var/www
> drwxr-s---  22 root     wwwroot     28672 Dec 27 11:25 /var/www
> 
> and have the user the web server runs as set up like this:
> 
> ryumin(larry)$ groups www-data
> www-data wwwroot
> 
> that way the web server can read files from inside /var/www but no one else
> can unless they are in the wwwroot group.  
> 
> adam.
> 
> 

The problem with this is that this way the users can't do this themselves,
but they need me to chown and chgrp their files needing protection. They
can't create files with www-data.wwwroot, and apache won't serve files
for which it has only group access rights. 

Or maybe I only need to restart apache after adding www-data to the user's
group? (Adding www-data to the user's group poses no problems if every cgi
is run under the owner's id). 

Robert Varga
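
An added example, not part of the original message or of Debian's Apache packaging: a small audit that lists which files under a document root a local account outside the owner and group could read, based on mode bits only (ACLs are ignored). The tree, file names and the `locally_exposed` helper are constructed for illustration; the `private` directory uses the `drwxr-s---` mode from the quoted listing.

```python
import os
import stat
import tempfile

def locally_exposed(root):
    """Files under root readable by a local account that is neither owner nor
    in the group: the file needs o+r and every directory from root down to it
    needs o+x. Mode bits only; ACLs are not examined."""
    exposed = []
    stack = [root]
    while stack:
        d = stack.pop()
        if not os.lstat(d).st_mode & stat.S_IXOTH:
            continue  # 'other' cannot traverse: everything below is shielded
        for entry in os.scandir(d):
            mode = entry.stat(follow_symlinks=False).st_mode
            if stat.S_ISDIR(mode):
                stack.append(entry.path)
            elif stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.relpath(entry.path, root))
    return sorted(exposed)

def demo():
    """Constructed tree: an open docroot with one directory closed to 'other'."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "www")
        private = os.path.join(docroot, "private")
        os.makedirs(private)
        files = {"index.html": 0o644, "members.db": 0o640,
                 os.path.join("private", "report.txt"): 0o644}
        for rel, mode in files.items():
            path = os.path.join(docroot, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)       # explicit chmod, so umask does not matter
        os.chmod(docroot, 0o755)
        os.chmod(private, 0o2750)      # drwxr-s---, as in the quoted listing
        closed = locally_exposed(docroot)
        os.chmod(private, 0o755)       # same files, directory opened to 'other'
        opened = locally_exposed(docroot)
        return closed, opened

if __name__ == "__main__":
    closed, opened = demo()
    print("private/ at 2750:", closed)
    print("private/ at 0755:", opened)
```

The world-readable `report.txt` only shows up once its parent directory grants `o+x`, which is why closing the directory is enough even when the files inside keep mode 0644.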

