Default Apache install not fit for multiple domains/users
Okay, I already posted this message to debian-users, but please don't
flame me - i just figured that maybe debian-security is the better place
to post a request for help like this. Clearly enough this is a security
concern, after all. So maybe you could be so kind and help me out on
this one:
I want to enable some friends of mine to host their web pages on my
woody server. It has Apache LAMP running in great shape and it suits my
Web page just fine. The Problem that I have now is, that the apache user
is www-data. Well, I guessed I could just change the user permissions on
the /var/www/<path.to.site> directories to the respective user names,
but that doesnt do the trick, because then, all write permissions for
cgi scripts for these diretories are gone, as they no longer belong to
www-data.
Nevertheless I just want my friends to stop go poking around in foreign
web sites, and at the same time have access to perl/php scripting.Where
do I go from here? I am not a particularly guru-like administrator, so I
am a bit afraid of using setuid. After all I do not even know, if that
would do the trick.
All help is really, really appreciated very much.
P.S.: I googled quite thoroughly, but couldn't get anywhere near my
problem. Maybe I just used the wrong words, because I can't believe I am
the only one with this problem
Yours Truly,
Toni
Reply to: