Re: CGI and Virtual Hosts

To: debian-isp@lists.debian.org
Subject: Re: CGI and Virtual Hosts
From: "Antonin Karasek" <karasek@ceskyserver.cz>
Date: Fri, 03 Oct 2003 22:49:49 +0200
Message-id: <[🔎] 20031003204949.18993.qmail@cernunnos.ceskyserver.cz>
In-reply-to: <[🔎] Pine.LNX.4.44.0310031623140.27653-100000@brave.cs.uml.edu>
References: <[🔎] Pine.LNX.4.44.0310031623140.27653-100000@brave.cs.uml.edu>

I don't see any SuexecUserGroup directive :o)This solution is nice, but it's using PerChild module - I think.Can I ask, how many Virtual Hosts are you handling on one computer? I thinkit can't be very efective (see my previous mail).Dan MacNeil writes:

has documentation on it.  As far as I've experenced, you need 1 IP address
per user, but I hear you can run any number of users off the same IP
address.

We are running many sites w/ suexec on (1) IP number.NameVirtualHost 129.63.24.92

<Macro Site  $directory $host>
<VirtualHost 129.63.24.92>
   ServerAdmin webmaster@$host
   ServerName $host
   ServerAlias www.$host
   DocumentRoot /home/sites/$directory/doc_root
   User $directory

Group $directory

   ErrorLog /var/log/apache/sites/$directory/error.log
   CustomLog /var/log/apache/sites/$directory/referer.log referer

CustomLog /var/log/apache/sites/$directory/combined.log combinedAlias /reports /home/sites/$directory/reports

   ScriptAlias /cgi-bin /home/sites/$directory/cgi-bin
   <Directory  /home/sites/$directory/cgi-bin>
        AllowOverride None
        Options IncludesNOEXEC ExecCGI

</Directory>

   ScriptAlias /kwiki /home/sites/$directory/kwiki
   <Directory  /home/sites/$directory/cgi-bin>
        DirectoryIndex index.html
        AllowOverride None
        Options IncludesNOEXEC ExecCGI

</Directory></VirtualHost></Macro>On Fri, 3 Oct 2003, Daxal Communications - Surf the USA wrote:

Apache has increased CGI security by means of suexec.  The Apache website
has documentation on it.  As far as I've experenced, you need 1 IP address
per user, but I hear you can run any number of users off the same IP

address.

If you discover how to enable suexec to allow any number of users to use the
same IP address, I'd be interested.  I am currently using mass virtual
hosting with %0 as a virtualscriptalias and virtualdocumentroot delimiter.

eg, /var/webhosting/%0/docroot/Cheers,

Scott

----- Original Message -----
From: "Antonin Karasek" <karasek@ceskyserver.cz>
To: <debian-isp@lists.debian.org>
Sent: Friday, October 03, 2003 1:38 PM

Subject: CGI and Virtual Hosts


> Hi,
> I want to enable CGI on my web-hosting server, but I can't find out a good
> security model (permitions of files). I don't want files to be readable
for
> others and don't want CGI to run apache's group. The main problem is, that
> the files must belong to the same group as CGI is run.
>
> The best solution could be to chroot CGI scripts, but Apache can't do this
> (I think).
>
> Could anybody send me some useful links?
>
> Many thanks
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>

>


--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org

with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: CGI and Virtual Hosts
  - From: Dan MacNeil <omacneil@brave.cs.uml.edu>

References:
- Re: CGI and Virtual Hosts
  - From: Dan MacNeil <omacneil@brave.cs.uml.edu>

Prev by Date: Re: CGI and Virtual Hosts
Next by Date: Re: CGI and Virtual Hosts
Previous by thread: Re: CGI and Virtual Hosts
Next by thread: Re: CGI and Virtual Hosts
Index(es):
- Date
- Thread