On Apr 9, 2005 12:53 PM, Gare <gare@xxxxxxxxxx> wrote: > Bo, they can't > FTP server controls the access by its own users list. The users can access > to their directory, and just their directory. They can't go out their site. > But FTP isn't the problem. > These users share the uid of a real user of the system, this user is the > owner of the domain and the files in this domain. > For suexec, Apache serves subdomains with this user as User in httpd.cnf > I want to know if there is any way to avoid that CGI programs could access > files in server, that is: a way to restrict the access of cgi scripts inside > the home of a subdomain, like php does. No, not that I know of. CGI allows people to run arbitrary programs on the server. If you let them all run under the same userid, then there is no way to use unix permissions to restrict their activities. Overall, it doesn't sound like a good idea to me. It is like giving them all telnet access with the same userid and password. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|