What is the best and simplest way to have a multiple users and virtual hosts with apache
i mean, how can i prevent CGI-scripts of user A , read and/OR write , files owned by user B
(php5 with apach2 in mod_php5)
same thing appears with perl cgi ...
i also, see that it's possible for maliciuous user to see /etc/*conf files etc...
how to secure this 2 items.
i thanks you lot.
--
thanks a lot.
You must be aware that mod_php is not CGI. If you run PHP as an Apache
module there's not much you can do beyond enabling PHP's safe mode. See
here for further reference:
(Anyway, safe mode might do the trick for PHP.)
As about CGI, I haven't used it and I cannot tell you if it's suitable
but Apache supports suexec:
http://httpd.apache.org/docs/2.2/en/suexec.html
> i also, see that it's possible for maliciuous user to see /etc/*conf files etc...
Last but not least, you can chroot:
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#chrootdir
However, it's not easy to configure.
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
It's simple, not perfect.
HansH
The standard approach, part of apache, is to use suexec
With this, apache will su to the userid that owns the Virtual Host, so
that CGI can only run if it is accessible to the owner of the Vhost.
What is more, the CGI scripts can access only files that the owner has
access to.
This is the way that commercial hosts, which allow users to write their
own scripts, works.
--
Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk
i will try the suexec.
have a nice day.
--
thanks a lot.