
Re: enabling suexec with debian apache [solved]



Robert Varga wrote:
> If there is an exploitable cgi, then there is web access to all of the
> owning user's files. If it is not run via the suEXEC mechanism, then the
> permissions are that of www-data, which are close to nothing.

Without using suexec or cgiwrap, how do you keep each user's cgis from
mucking about with the other user's cgi datafiles?  And I certainly
don't want one of my student users' cgis able to mess with my log files,
which are also owned by www-data.
 
> If suEXEC is enabled, then a lot more requirements need to be met for
> running a cgi. This usually leads to a lot of users complaining about this
> and that is not working and why, when it runs on another similar machine?

This is a good thing, IMO.  Once students realize that it's their files
and quota that are going to be eaten up by runaway cgis, in my
experience they start paying more attention to what they're writing.

jpb
-- 
Joe Block <jpb@creol.ucf.edu>
CREOL System Administrator

Social graces are the packet headers of everyday life.

