Greetings list members! I hope you can help me with understanding more about what can be done with suexec in a rewtirren world. Let me explain - I have a platform geared to mass hosting for CGI scripts. I do no use virtualhosts, and instead use the rewrite engine and map files to do on the fly location of customer sites (all sites have the form cgi.USER.domain), so with map lookups on the incoming request, cgi.user1.domain automatically gets mapped to /files/www/home1/user1/htdocs (for example). This has worked fine for years. However, we now wish to tighten up on security and move away from all users belonging to the same group (which the web server also belongs to), and we would like all user's (perl/php/shell etc) scripts to be executed as themselves so user data is better protected - for this I'd like to use suexec, but the problem I have is that suexec relies on the Suexecusergroup directive within a virtual host to work (we don't use userdirs). Someone suggested to me that this isn't a problem because you can do variable substitution to directives in the configuration file, so you can essentially do: Suexecusergroup $user $group instead. Whilst I have never heard of this functionality, nor seen it, I decided to be open-minded (he cited someone else has done this elsewhere), and did some research, but I can't find any references to these techniques. Have I been given a bum steer here? If I have, what suggestions do the group have to allow mass hosting using suexec (other than having to maintain many thousands of virtualhost entries in httpd.conf)? If suexec isn't practical, what other options are there to allow me to have users scripts run as themselves? Thank you for your time and consideration :) Gary Wilson --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|