Re: Apache and multiple virtual domains

To: "Marcelo Gulin" <listas@informatic-sa.com.ar>, <m.hicking@via-net-works.de>, <debian-isp@lists.debian.org>
Subject: Re: Apache and multiple virtual domains
From: Russell Coker <russell@coker.com.au>
Date: Sat, 28 Apr 2001 15:05:09 +0200
Message-id: <01042815050900.20057@lyta>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <012b01c0cfd0$18f795c0$a459fea9@gulinma>
References: <20010426130300.C697@oxygen> <3AE9318A.30481.9ECEF331@localhost> <012b01c0cfd0$18f795c0$a459fea9@gulinma>

On Saturday 28 April 2001 12:13, Marcelo Gulin wrote:
>   You can use suEXEC mechanism to do that job.
>   suEXEC wrapper allow run CGI & SSI under different UIDs

My impression is that suEXEC only works for explicit user home directories 
wheras cgiwrap works with URLs that map to something equating a home 
directory and then runs them under whichever UID it finds.

I'll have to check this more though.

Also suEXEC doesn't seem to have any facilities for limiting the CPU usage, 
memory, etc for processes it runs.  cgiwrap has this hard coded but it's 
still better than nothing.

>
> cheers
> marcelo gulin
>
>
> ----- Original Message -----
> From: Marcel Hicking <m.hicking@vianetworks.de>
> To: <debian-isp@lists.debian.org>
> Sent: Friday, April 27, 2001 3:44 AM
> Subject: Re: Apache and multiple virtual domains
>
> > > What I want to do is have multiple virtual hosts with each virtual
> > > host having a different UID for running CGI-BIN scripts.
> >
> > http://cgiwrap.unixtools.org/
> > "CGIWrap is a gateway program that allows general users to use CGI
> > scripts and HTML forms without compromising the security of the http
> > server. Scripts are run with the permissions of the user who owns the
> > script. In addition, several security checks are performed on the
> > script, which will not be executed if any checks fail."
> >
> > Since scripts uploaded via FTP will be owned by your customers
> > UID, they should then run under his UID. I am not sure, however,
> > if you could get the whole apache subprocess to be run under a
> > different UID this way, but then I am not sure if this would
> > give additional security or other advantages.
> >
> > BTW. I've seen some descriptions on how to set up CGIwrap
> > transparently so your customers whouldn't even notice
> > CGIwrap is running. Something with setting up a handler
> > for file extensions. Maybecheck the tips and tricks page
> > http://cgiwrap.unixtools.org/tricks.html on this as
> > well as for some nice mod_rewrite rules ;-)
> >
> > Cheers, Marcel
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
>
> listmaster@lists.debian.org

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to:

References:
- Re: Apache and multiple virtual domains
  - From: Andrew Savory <a.savory@btinternet.com>
- Re: Apache and multiple virtual domains
  - From: "Marcel Hicking" <m.hicking@vianetworks.de>
- RE: Apache and multiple virtual domains
  - From: "Marcelo Gulin" <listas@informatic-sa.com.ar>

Prev by Date: Re: Authentication schemes
Next by Date: An LDAP authentication howto for Debian?
Previous by thread: RE: Apache and multiple virtual domains
Next by thread: Re: Apache and multiple virtual domains
Index(es):
- Date
- Thread