[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suEXEC witch mod_userdir

Sorry!! I made a mistake, I sent the reply only to Thomas.

---------- Forwarded message ----------
From: Marc Aymerich <glicerinu@gmail.com>
Date: Thu, Mar 12, 2009 at 11:25 AM
Subject: Re: suEXEC witch mod_userdir
To: Thomas Goirand <thomas@goirand.fr>

On Wed, Mar 11, 2009 at 8:20 PM, Thomas Goirand <thomas@goirand.fr> wrote:
> Marc Aymerich wrote:
>> Hi everybody,
>> We have a apache2-worker in production enviroment with 200 users,
>> this users can access at their websites by domain name
>> http://www.userdomani.org (virtualhost configuration) or by username
>> http://www.domanin.org/~username (mod_userdir). The VirtualHost
>> configuration work's perfectly, the problem is with mod_userdir,
>> mod_userdir doesn't execute suEXEC and consequently the CGI's aren't
>> executed by suexec :( We investigated for several days but we have
>> not been able to find the problem.
> Can I suggest you to have a look at "sbox-dtc" that I maintain in
> Debian? This one has chroot and many limits set for your users. This
> improves A LOT the security of your cgi-bin (even if you disable the
> chroot feature in the config file...), and might resolve your chuid issue.
> Thomas

Hi Thomas!

Thanks for your recommendation. We have considered using DTC control
panel in our servers, but the structure of DTC is not compatible with
our system. We have 3 virtualized servers, for web, mail and mysql,
each of this servers mounts a different disk partition from a SAN
server, and DTC stores web and mail in the user home directory, so we
have no idea how to adapt this to our needs. Is there a way (without
rewriting a big part of DTC) to adapt DTC to out system?

Anyway we continue interesting in solve the suexec problem.


Reply to: