[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virtual hosting methods

On Sat, Nov 24, 2001 at 06:44:02PM -0500, Kevin J. Menard, Jr. wrote:
> MpP> For simple masshosting I still suggest mod_vhost.
> Which brings me back to my original question.  For simple masshosting, I
> would agree.  But what about a system where some vhosts have CGI or SSI
> access for example, and some don't.  Would the former setup be better, or
> the latter?

This is my biggest problem and a significant security hole :/

I have a directory /www containing all the vhosting directories, named
domain.com, etc.

the entire directory tree is owned by a user called virtual, and
everyone has CGI, PHP and SSI access.

In this way it would be very easy for anyone to upload a 'file manager'
CGI and be able to change the documents of any other Vhost user :(

People have pointed me at sudo in the past but I don't want to start
creating /etc/passwd users - that was the whole point of the virtual
system - no real system users for www, ftp or mail!

Any ideas, anyone? We haven't had any problems to date because none of
our clients know anything / much about scripting...



Reply to: