[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CGI and PHP Scripts


Maybe try looking at setting PHP to 'safe mode'


Anand Atreya wrote:
    I have just recently begun using Debian and am in the process of migrating a FreeBSD 4.4 server over to it.  This server had many different users and allowed them to execute CGI and PHP scripts in their public_html folder (or any folder under it) as their own user, not as the user of the webserver, using mod_cgiwrap and mod_phpcgiwrap (from Steven Haryanto).  The site where this was located (http://steven.haryan.to/mod_cgiwrap/mod_cgiwrap.html) no longer exists, and in hindsight, it seems as if mod_cgiwrap was not a very secure solution to begin with.
    Does anybody have any recommendations on how to set up a virtual hosting Apache server such that users can have CGI and PHP scripts execute as themselves, without having to put #!/usr/bin/php at the top of php scripts, and that is completely transparent to the user, also allowing them to place scripts anywhere in their document root?
    (I have tried using suexec as it is installed with the Debian Apache package, but when I tried to execute a script in a virtual host, not using the www.domain.com/~username address, it did not execute the script, saying it was not in the document root.  Does anyone know what the default document root is for the Debian configuration of suexec?)
Thanks a lot.
-- Anand Atreya

Reply to: