[users@httpd] Proper config for suexec and maintain chroot'ed FTP?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 
I recently went from Apache v1.x to v2.0.54. Most things went fine, but I am having trouble finding the proper way to configure things for suexec support while still maintaining the filesystem the way I would like it.
As an example, say I host acmecorp.dom as a virtual host and they want to run their own CGI scripts. Under Apache v1.x, I configured them as follows: 

1. I used "User acme" and "Group acme" directives in the httpd.conf.
2. I had their DocumentRoot set to /home/acme/web.
3. Their CGI scripts were in /home/acme/web/cgi-bin.
4. I had them set up so that FTPd kept them chroot'ed to /home/acme.

This worked well.
I seem unable to find a way to do the same thing properly under Apache v2.0 with suexec2's requirement that the files be in the docroot. It does not use the docroot of the virtual host -- but uses the default/main docroot of /var/www.
I tried doing a symlink from /var/www/acme to /home/acme/web, but suexec2 still considers the final script to be in /home/acme/web/cgi-bin (not /var/www/acme/cgi-bin) and therefore considers it "not in docroot."
I could move acme's entire web directory to /var/www/acme, of course, and then suexec would be happy -- but then it makes it more difficult to chroot them to their home directory via FTP and such -- so I end up with permission errors on the other side.
Is there a way to do this properly and make it work -- leaving the actual files in their home directory? 

A couple notes:
1. I do this for multiple virtual hosts with different accounts -- so I couldn't find a way to override suexec's docroot for each one individually.
2. I don't want these to be ~acme type sites, so I don't think suexec's "user home directory" support will do what I want, right? 

Thanks for thoughts/suggestions/tips/solutions!  :)

 - John Goggan


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux