O perhaps the opnly solution is a VPS, but I prefer something more simple ... and cheaper.
Thanks----- Original Message ----- From: "Joshua Slive" <jslive@xxxxxxxxx>
To: <users@xxxxxxxxxxxxxxxx> Sent: Saturday, April 09, 2005 7:59 PM Subject: Re: [users@httpd] Security APACHE, PHP and CGI
On Apr 9, 2005 12:53 PM, Gare <gare@xxxxxxxxxx> wrote:Bo, they can'tFTP server controls the access by its own users list. The users can access to their directory, and just their directory. They can't go out their site.But FTP isn't the problem. These users share the uid of a real user of the system, this user is the owner of the domain and the files in this domain. For suexec, Apache serves subdomains with this user as User in httpd.cnfI want to know if there is any way to avoid that CGI programs could access files in server, that is: a way to restrict the access of cgi scripts insidethe home of a subdomain, like php does.No, not that I know of. CGI allows people to run arbitrary programs on the server. If you let them all run under the same userid, then there is no way to use unix permissions to restrict their activities. Overall, it doesn't sound like a good idea to me. It is like giving them all telnet access with the same userid and password. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx