On 4/18/05, joey@xxxxxxxxxxxxx <joey@xxxxxxxxxxxxx> wrote: > I have an chrooted apache-2.0.54 with suexec enabled. I'm also using > mod_userdir, along with PHP-cgi/suPHP and perl in the chroot environment. > I would like to limit the files accessed by cgi scripts to files inside of > the users directory (username/public_html). Without using any sort of > RBAL, is it possible to do this? Is there an equivalent to PHP's > open_basedir to cgi's? No, that isn't possible because CGIs can be in arbitrary languages. (Well, it might be possible with something like SELinux, but I don't know much about that.) Your best bet is to use suexec or cgiwrap and properly secure filesystem permissions so that the CGIs can only see what you want. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|