Re: [users@httpd] Security APACHE, PHP and CGI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Apr 9, 2005 12:53 PM, Gare <gare@xxxxxxxxxx> wrote:
> Bo, they can't
> FTP server controls the access by its own users list. The users can access
> to their directory, and just their directory. They can't go out their site.
> But FTP isn't the problem.
> These users share the uid of a real user of the system, this user is the
> owner of the domain and the files in this domain.
> For suexec, Apache serves subdomains with this user as User in httpd.cnf
> I want to know if there is any way to avoid that CGI programs could access
> files in server, that is: a way to restrict the access of cgi scripts inside
> the home of a subdomain, like php does.

No, not that I know of.  CGI allows people to run arbitrary programs
on the server.  If you let them all run under the same userid, then
there is no way to use unix permissions to restrict their activities. 
Overall, it doesn't sound like a good idea to me.  It is like giving
them all telnet access with the same userid and password.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux