On Mon, 2003-06-09 at 07:59, Stefan Neufeind wrote: > But afaik you run into real problems when you try to use suexec with > php, don't you? Or has anybody managed to get this running correctly? > (for Apache 1.3.x !!!). There *are* issues with running suExec + php. First, php must be run as a cgi - you can't use mod_php. This introduces performance issues, since mod_php is much faster than a executing a standalone php interperter for each page requested. Next, you have to decide whether you want to have the interperter executable inside or outside the web root. Outside is safer - but then your scripts have to have #!/path/to/php at the top - although there are ways around that too. Google has some success stories where people managed to get it to work. - Jon > > On 6 Jun 2003 at 17:06, Wade Richards wrote: > > > On 06 Jun 2003 16:15:37 PDT, Jon writes: > > >I believe Apache would still be executing php/cgi scripts as > > >www-data, so users could snoop on other users's scripts, session > > >files, etc. > > > > > >Something like: > > ><?php echo `ls ../neighbor/public_html`; ?> > > > > I suggest you look up the suEXEC Apache module, it seems to do exactly > > what you want. -- jon@tgpsolutions.com Administrator, tgpsolutions http://www.tgpsolutions.com
Attachment:
signature.asc
Description: This is a digitally signed message part