Re: CGI and Virtual Hosts
> Can I ask, how many Virtual Hosts are you handling on one computer? I think
> it can't be very efective (see my previous mail).
We're doing about 50 virtual hosts that are very lightly used.
> This solution is nice, but it's using PerChild module - I think.
As far as I know we are not using anything called PerChild module --just
straight suexec which is called to execute each cgi script.
> I don't see any SuexecUserGroup directive :o)
User $directory
Group $directory
We're also using mod_macro and mod_include
in /etc/httpd.conf there is a line like:
include /etc/apache/sites.txt
In the /etc/sites.txt: there are lines like:
Use Site eldermental eldermentalhealth.org
--The include lines are after the macro definitions.
#####
On Fri, 3 Oct 2003, Antonin Karasek wrote:
> I don't see any SuexecUserGroup directive :o)
>
> This solution is nice, but it's using PerChild module - I think.
>
> Can I ask, how many Virtual Hosts are you handling on one computer? I think
> it can't be very efective (see my previous mail).
>
> Dan MacNeil writes:
>
> >
> >> has documentation on it. As far as I've experenced, you need 1 IP address
> >> per user, but I hear you can run any number of users off the same IP
> >> address.
> >
> > We are running many sites w/ suexec on (1) IP number.
> >
> >
> >
> > NameVirtualHost 129.63.24.92
> >
> > <Macro Site $directory $host>
> > <VirtualHost 129.63.24.92>
> > ServerAdmin webmaster@$host
> > ServerName $host
> > ServerAlias www.$host
> > DocumentRoot /home/sites/$directory/doc_root
> > User $directory
> > Group $directory
> >
> > ErrorLog /var/log/apache/sites/$directory/error.log
> > CustomLog /var/log/apache/sites/$directory/referer.log referer
> > CustomLog /var/log/apache/sites/$directory/combined.log combined
> >
> > Alias /reports /home/sites/$directory/reports
> >
> > ScriptAlias /cgi-bin /home/sites/$directory/cgi-bin
> > <Directory /home/sites/$directory/cgi-bin>
> > AllowOverride None
> > Options IncludesNOEXEC ExecCGI
> > </Directory>
> >
> > ScriptAlias /kwiki /home/sites/$directory/kwiki
> > <Directory /home/sites/$directory/cgi-bin>
> > DirectoryIndex index.html
> > AllowOverride None
> > Options IncludesNOEXEC ExecCGI
> > </Directory>
> >
> > </VirtualHost>
> >
> > </Macro>
> >
> >
> >
> >
> >
> > On Fri, 3 Oct 2003, Daxal Communications - Surf the USA wrote:
> >
> >> Apache has increased CGI security by means of suexec. The Apache website
> >> has documentation on it. As far as I've experenced, you need 1 IP address
> >> per user, but I hear you can run any number of users off the same IP
> >> address.
> >>
> >> If you discover how to enable suexec to allow any number of users to use the
> >> same IP address, I'd be interested. I am currently using mass virtual
> >> hosting with %0 as a virtualscriptalias and virtualdocumentroot delimiter.
> >> eg, /var/webhosting/%0/docroot/
> >>
> >> Cheers,
> >>
> >>
> >> Scott
> >>
> >> ----- Original Message -----
> >> From: "Antonin Karasek" <karasek@ceskyserver.cz>
> >> To: <debian-isp@lists.debian.org>
> >> Sent: Friday, October 03, 2003 1:38 PM
> >> Subject: CGI and Virtual Hosts
> >>
> >>
> >> > Hi,
> >> > I want to enable CGI on my web-hosting server, but I can't find out a good
> >> > security model (permitions of files). I don't want files to be readable
> >> for
> >> > others and don't want CGI to run apache's group. The main problem is, that
> >> > the files must belong to the same group as CGI is run.
> >> >
> >> > The best solution could be to chroot CGI scripts, but Apache can't do this
> >> > (I think).
> >> >
> >> > Could anybody send me some useful links?
> >> >
> >> > Many thanks
> >> >
> >> >
> >> > --
> >> > To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> >> > with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org
> >> >
> >> >
> >>
> >>
> >>
> >
> >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
>
>
>
>
Reply to: