Hi,

I'm trying to get my apache webserver as secure as possible. The server is used for multiple virtual hosts and I want to isolate each vhost. I used this document as a guide:

http://snippets.dzone.com/posts/show/81

Everything works fine. Each vhost is under a separate unix user/group and apache is running as nobody/nobody. The user nobody is also in all the usergroups, but Solaris has a limit of 32 additional groups a user can be in. So there's my problem.

I thought the solution would be ZFS ACLs and tried that. The user nobody can navigate in the public_html directory of the vhost (nobody is not in the usergroup anymore) and apache shows HTML files. But when I want to show php files something goes wrong:
Forbidden

You don't have permission to access /php-fastcgi/php5-cgi/index.php on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Nothing shows up in the logs. When I run a php script on a vhost which is configured the old way (nobody is in the usergroup) I get lines like these:
[Fri Feb 29 08:03:57 2008] [warn] FastCGI: (dynamic) server "/opt/csw/apache2/share/htdocs/suexec/xxxxxxx.nl/php5-cgi" (uid 10003, gid 10001) started (pid 8253)
All the config files and scripts are the same so the problem should be file permissions I guess, any ideas?
thanks,
Martijn de Munnik