[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CGI and Virtual Hosts

I know SuExec :o) 
The problem is following:
1. If I don't want files to be readable for "others", they must belong to the Apache's group (say "www"). 
2. SuExec set efective group to the same, as the file belongs to.
3. If the script is runnig under "www" group, it can read files of all users... I didn't test it, but as far as I know, SuExec can be used with non-IP-based VirtualHosts. I don't see any problem :-/ Daxal Communications - Surf the USA writes: 
Apache has increased CGI security by means of suexec.  The Apache website
has documentation on it.  As far as I've experenced, you need 1 IP address
per user, but I hear you can run any number of users off the same IP
address. 
If you discover how to enable suexec to allow any number of users to use the
same IP address, I'd be interested.  I am currently using mass virtual
hosting with %0 as a virtualscriptalias and virtualdocumentroot delimiter.
eg, /var/webhosting/%0/docroot/ Cheers,
Scott 
----- Original Message -----
From: "Antonin Karasek" <karasek@ceskyserver.cz>
To: <debian-isp@lists.debian.org>
Sent: Friday, October 03, 2003 1:38 PM
Subject: CGI and Virtual Hosts 


Hi,
I want to enable CGI on my web-hosting server, but I can't find out a good
security model (permitions of files). I don't want files to be readable

for

others and don't want CGI to run apache's group. The main problem is, that
the files must belong to the same group as CGI is run. 
The best solution could be to chroot CGI scripts, but Apache can't do this
(I think). Could anybody send me some useful links? Many thanks 

--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

listmaster@lists.debian.org




--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: