Hello, I need to setup a dynamic mass virtual hosting server using apache and would like to allow the users to have their own CGI. To reduce security risks I would like to use suEXEC in this setup. While reading the suEXEC documentation that comes with the apache package I learned that I must add a User and Group directive in the VirtualHost definition. My problem is that I am using mod_vhost_alias like mentioned in the apache manual using something like this in httpd.conf: VirtualDocumentRoot /www/hosts/%0/docs VirtualScriptAlias /www/hosts/%0/cgi-bin Is there a way to make User and Group a function of %0 (the requested host)? Would changing suEXEC to run as the owner of the script be a big security hole? Is there another way to do this without having to add every virtual host to my httpd.conf ? Thanks. -- Rúben Leote Mendes - ruben@nocturno.org
Attachment:
pgpWdqVd43lvG.pgp
Description: PGP signature