Re: suEXEC with mod_userdir
Sorry!! I made a mistake, I sent the reply only to Thomas.
---------- Forwarded message ----------
From: Marc Aymerich <email@example.com>
Date: Thu, Mar 12, 2009 at 11:25 AM
Subject: Re: suEXEC with mod_userdir
To: Thomas Goirand <firstname.lastname@example.org>
On Wed, Mar 11, 2009 at 8:20 PM, Thomas Goirand <email@example.com> wrote:
> Marc Aymerich wrote:
>> Hi everybody,
>> We have an apache2-worker in a production environment with 200 users.
>> These users can access their websites by domain name
>> http://www.userdomani.org (virtualhost configuration) or by username
>> http://www.domanin.org/~username (mod_userdir). The VirtualHost
>> configuration works perfectly; the problem is with mod_userdir:
>> mod_userdir doesn't execute suEXEC and consequently the CGIs aren't
>> executed by suexec :( We investigated for several days but we have
>> not been able to find the problem.
> Can I suggest that you have a look at "sbox-dtc" that I maintain in
> Debian? This one has chroot and many limits set for your users. This
> improves A LOT the security of your cgi-bin (even if you disable the
> chroot feature in the config file...), and might resolve your chuid issue.
Thanks for your recommendation. We have considered using the DTC control
panel on our servers, but the structure of DTC is not compatible with
our system. We have 3 virtualized servers, for web, mail and mysql;
each of these servers mounts a different disk partition from a SAN
server, and DTC stores web and mail in the user home directory, so we
have no idea how to adapt this to our needs. Is there a way (without
rewriting a big part of DTC) to adapt DTC to our system?
Anyway, we are still interested in solving the suexec problem.