On 11/11/05, Sven Karlsson <karlesven@xxxxxxxxx> wrote: > Hello, > > I'm setting up a hosting site with virtual domains, and to increase security > I intend to run suexec'd php and cgi's. > > I'd also like to keep redundancy to a minimum; i.e. only one copy of php in > /usr/lib/cgi-bin . If I need to upgrade php, I'd like to do it in one > place, not messing with users cgi-bin directories. > > Now, suexec requires that both the cgi (in this case php) and its directory > is owned by the vhost owner/uid, otherwise it refuses to execute. > > So my question is, is there some way of having a "shared" cgi-bin where > suexec does not care about the file owner, or perhaps accepts one uid (a > "sharedcgi" user) as owner. > > Of course, the source can be modified, but the documentation strongly > advices against this... so if there is some other solution, I'm all ears! You may want to look into cgiwrap, which has a different set of security rules. suexec will not allow what you want. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|