[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Default Apache install not fit for multiple domains/users

"Stefan Neufeind" <stefan@neufeind.net> writes:

> But afaik you run into real problems when you try to use suexec with 
> php, don't you? Or has anybody managed to get this running correctly? 
> (for Apache 1.3.x !!!).

You do if you use php scripts that are parsed by the server itself.
You can use php cgi scripts with suexec without any problems.

> On 6 Jun 2003 at 17:06, Wade Richards wrote:
>> On 06 Jun 2003 16:15:37 PDT, Jon writes:
>> >I believe Apache would still be executing php/cgi scripts as
>> >www-data, so users could snoop on other users's scripts, session
>> >files, etc.
>> >
>> >Something like:
>> ><?php echo `ls ../neighbor/public_html`; ?>
>> I suggest you look up the suEXEC Apache module, it seems to do exactly
>> what you want.
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Ted Cabeen
Systems/Network Administrator
Impulse Internet Services

Reply to: