RE: Apache and multiple virtual domains

To: "Jason Lim" <maillist@jasonlim.com>, <m.hicking@via-net-works.de>, <debian-isp@lists.debian.org>
Subject: RE: Apache and multiple virtual domains
From: "Marcelo Gulin" <listas@informatic-sa.com.ar>
Date: Sun, 29 Apr 2001 11:22:59 -0300
Message-id: <005d01c0d0b7$e6fb5f00$0401a8c0@ventas>
References: <20010426130300.C697@oxygen> <3AE9318A.30481.9ECEF331@localhost> <012b01c0cfd0$18f795c0$a459fea9@gulinma> <003c01c0d04b$ede05300$0300a8c0@jcl1>

Hi!

>
> However, PHP is still run under the webserver's UID, correct?
>
> The only workaround is the run PHP in cgi version...?
Yes. You need the CGI version I think
Because you need to use the suEXEC wrapper, which is bit SUID, to execute
programs under other UIDs  (not nobody or httpd)

hope it helps.
cheers
marcelo gulin
>
> Jason
>
> ----- Original Message -----
> From: "Marcelo Gulin" <listas@informatic-sa.com.ar>
> To: <m.hicking@via-net-works.de>; <debian-isp@lists.debian.org>
> Sent: Saturday, April 28, 2001 6:13 PM
> Subject: RE: Apache and multiple virtual domains
>
>
> > Hi!
> >
> >   You can use suEXEC mechanism to do that job.
> >   suEXEC wrapper allow run CGI & SSI under different UIDs
> >
> > cheers
> > marcelo gulin
> >
> >
> > ----- Original Message -----
> > From: Marcel Hicking <m.hicking@vianetworks.de>
> > To: <debian-isp@lists.debian.org>
> > Sent: Friday, April 27, 2001 3:44 AM
> > Subject: Re: Apache and multiple virtual domains
> >
> >
> > >
> > > > What I want to do is have multiple virtual hosts with each virtual
> > > > host having a different UID for running CGI-BIN scripts.
> > >
> > > http://cgiwrap.unixtools.org/
> > > "CGIWrap is a gateway program that allows general users to use CGI
> > > scripts and HTML forms without compromising the security of the http
> > > server. Scripts are run with the permissions of the user who owns the
> > > script. In addition, several security checks are performed on the
> > > script, which will not be executed if any checks fail."
> > >
> > > Since scripts uploaded via FTP will be owned by your customers
> > > UID, they should then run under his UID. I am not sure, however,
> > > if you could get the whole apache subprocess to be run under a
> > > different UID this way, but then I am not sure if this would
> > > give additional security or other advantages.
> > >
> > > BTW. I've seen some descriptions on how to set up CGIwrap
> > > transparently so your customers whouldn't even notice
> > > CGIwrap is running. Something with setting up a handler
> > > for file extensions. Maybecheck the tips and tricks page
> > > http://cgiwrap.unixtools.org/tricks.html on this as
> > > well as for some nice mod_rewrite rules ;-)
> > >
> > > Cheers, Marcel
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> > >
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> >
> >
> > http://www.zentek-international.com
> > http://hk.zentek-international.com
> > http://us.zentek-international.com
>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
>

Reply to:

References:
- Re: Apache and multiple virtual domains
  - From: Andrew Savory <a.savory@btinternet.com>
- Re: Apache and multiple virtual domains
  - From: "Marcel Hicking" <m.hicking@vianetworks.de>
- RE: Apache and multiple virtual domains
  - From: "Marcelo Gulin" <listas@informatic-sa.com.ar>
- Re: Apache and multiple virtual domains
  - From: "Jason Lim" <maillist@jasonlim.com>

Prev by Date: Re: An LDAP authentication howto for Debian?
Next by Date: Re: An LDAP authentication howto for Debian?
Previous by thread: Re: Apache and multiple virtual domains
Next by thread: Re: Apache and multiple virtual domains
Index(es):
- Date
- Thread