Re: Apache/PHP/FTP and user rights
A stub runs as root, yes, but all the threads that actually handle requests
are running as the correct non-privileged user on my system.
I've never experienced a problem with cgi-php and very much doubt Debian
would provide it as a package if it provided such a big hole.
LC Host Administrator
----- Original Message -----
From: "Marcin Sochacki" <email@example.com>
Sent: Thursday, August 01, 2002 4:29 PM
Subject: Re: Apache/PHP/FTP and user rights
> On Thu, Aug 01, 2002 at 03:40:23PM +0200, firstname.lastname@example.org
> > I'm facing a problem I thought would be fairly easy to deal with, but
> > haven't found a proper solution. Here it is:
> > We have a web server hosting a few tens of customers using
> > VirtualHosts. We have mod_php and use FTP for updates, each customer
> > having its own UID.
> > What we consider the "right" solution would be to have Apache run as
> > user.user in each virtual host. This seems to be doable with
> > User/Group directives. Unfortunately:
> Apache doesn't honor those options in virtual host context, unless run
> as root and recompiled with some -DBIG_SECURITY_HOLE option.
> Obviously this is not a very secure solution.
> Take a look here: