If they are all owned by one account, couldn't owners of one subdomain just FTP in and erase the files of some other owner? ----- Original Message ----- From: "Gare" <gare@xxxxxxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Saturday, April 09, 2005 12:04 PM Subject: [users@httpd] Security APACHE, PHP and CGI > We have a site with several subdomains hosted, but the webmasters of these > subdomains are not allowed to use their own CGI nor PHP. > The box runs under Fedora with Apache 1.3, and webmasters of subdomains are > not users of the OS, they share the account of a user (the owner of the main > domain where subdomains are hosted). > I would like to offer php and cgi support, but I am worried about security. > I know that PHP can be configured in secure mofe and that we can control > access to directories. > But CGI is too powerful, and a CGI program can access a lot of files in the > server. > suExec is not a solution, because webmasters could access files in other > subdomains (they share the same account). > > Is there any solution to host subdomains with php and cgi without compromise > server and subdomains security? > > thanks > > > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|