Re: enabling suexec with debian apache [solved]

[Adam Shand <larry@alaska.net>]

> And how can you set up /home/<user>/cgi-bin to be web-executable if you
> cannot describe it with a web url?

that's what aliases and scriptaliases are for.  you would put in their
virtualhost config (or just change the pathing cgiwrap's source) something
like this:

ScriptAlias /cgi-bin/ /home/user/cgi-bin/

think about it, debian's default cgi-bin isn't describable with a url.  the
doc root is /var/www and the default cgi-bin is /usr/lib/cgi-bin.

> - how can I protect data files from being read from the filesystem,
> which should be readable from the web, but only after authentication?
> Since they should be http-served, they should be world-readable... Then
> how can I prevent anyone from reading them on the webserver system
> itself?

what we do is have the doc root setup like this:

ryumin(larry)$ ls -ld /var/www
drwxr-s---  22 root     wwwroot     28672 Dec 27 11:25 /var/www

and have the user the web server runs as setup like this:

ryumin(larry)$ groups www-data
www-data wwwroot

that way the web server can read files from inside /var/www but no one else
can unless they are in the wwwroot group.  

adam.