Re: virtual hosting methods

To: "Kevin J. Menard, Jr." <kmenard@WPI.EDU>
Subject: Re: virtual hosting methods
From: Gavin Hamill <gdh@acentral.co.uk>
Date: Sun, 25 Nov 2001 12:26:20 +0000
Message-id: <[🔎] 20011125122620.A16150@acentral.co.uk>
In-reply-to: <[🔎] 1249428988.20011124184402@wpi.edu>
References: <[🔎] Pine.LNX.4.33.0111250026450.5478-100000@manhattan.pisitek.com> <[🔎] 1249428988.20011124184402@wpi.edu>

On Sat, Nov 24, 2001 at 06:44:02PM -0500, Kevin J. Menard, Jr. wrote:
> 
> MpP> For simple masshosting I still suggest mod_vhost.
> 
> Which brings me back to my original question.  For simple masshosting, I
> would agree.  But what about a system where some vhosts have CGI or SSI
> access for example, and some don't.  Would the former setup be better, or
> the latter?

This is my biggest problem and a significant security hole :/

I have a directory /www containing all the vhosting directories, named
domain.com, etc.

the entire directory tree is owned by a user called virtual, and
everyone has CGI, PHP and SSI access.

In this way it would be very easy for anyone to upload a 'file manager'
CGI and be able to change the documents of any other Vhost user :(

People have pointed me at sudo in the past but I don't want to start
creating /etc/passwd users - that was the whole point of the virtual
system - no real system users for www, ftp or mail!

Any ideas, anyone? We haven't had any problems to date because none of
our clients know anything / much about scripting...

Cheers, 

gdh

Reply to:

Follow-Ups:
- Re: virtual hosting methods
  - From: Mark Aitchison <mark@plain.co.nz>

References:
- Re: virtual hosting methods
  - From: Martin 'pisi' Paljak <pisi@pisitek.com>
- Re[2]: virtual hosting methods
  - From: "Kevin J. Menard, Jr." <kmenard@WPI.EDU>

Prev by Date: Re: rogue Chinese crawler
Next by Date: Installing PPP 2.4.0
Previous by thread: Re[2]: virtual hosting methods
Next by thread: Re: virtual hosting methods
Index(es):
- Date
- Thread