> Can I ask, how many Virtual Hosts are you handling on one computer? I think > it can't be very efective (see my previous mail).
We're doing about 50 virtual hosts that are very lightly used. > This solution is nice, but it's using PerChild module - I think. As far as I know we are not using anything called PerChild module --just straight suexec which is called to execute each cgi script. > I don't see any SuexecUserGroup directive :o) User $directory Group $directory We're also using mod_macro and mod_include in /etc/httpd.conf there is a line like: include /etc/apache/sites.txt In the /etc/sites.txt: there are lines like: Use Site eldermental eldermentalhealth.org --The include lines are after the macro definitions. ##### On Fri, 3 Oct 2003, Antonin Karasek wrote: > I don't see any SuexecUserGroup directive :o) > > This solution is nice, but it's using PerChild module - I think. > > Can I ask, how many Virtual Hosts are you handling on one computer? I think > it can't be very efective (see my previous mail). > > Dan MacNeil writes: > > > > >> has documentation on it. As far as I've experenced, you need 1 IP address > >> per user, but I hear you can run any number of users off the same IP > >> address. > > > > We are running many sites w/ suexec on (1) IP number. > > > > > > > > NameVirtualHost 129.63.24.92 > > > > <Macro Site $directory $host> > > <VirtualHost 129.63.24.92> > > ServerAdmin [EMAIL PROTECTED] > > ServerName $host > > ServerAlias www.$host > > DocumentRoot /home/sites/$directory/doc_root > > User $directory > > Group $directory > > > > ErrorLog /var/log/apache/sites/$directory/error.log > > CustomLog /var/log/apache/sites/$directory/referer.log referer > > CustomLog /var/log/apache/sites/$directory/combined.log combined > > > > Alias /reports /home/sites/$directory/reports > > > > ScriptAlias /cgi-bin /home/sites/$directory/cgi-bin > > <Directory /home/sites/$directory/cgi-bin> > > AllowOverride None > > Options IncludesNOEXEC ExecCGI > > </Directory> > > > > ScriptAlias /kwiki /home/sites/$directory/kwiki > > <Directory /home/sites/$directory/cgi-bin> > > DirectoryIndex index.html > > AllowOverride None > > Options IncludesNOEXEC ExecCGI > > </Directory> > > > > </VirtualHost> > > > > </Macro> > > > > > > > > > > > > On Fri, 3 Oct 2003, Daxal Communications - Surf the USA wrote: > > > >> Apache has increased CGI security by means of suexec. The Apache website > >> has documentation on it. As far as I've experenced, you need 1 IP address > >> per user, but I hear you can run any number of users off the same IP > >> address. > >> > >> If you discover how to enable suexec to allow any number of users to use the > >> same IP address, I'd be interested. I am currently using mass virtual > >> hosting with %0 as a virtualscriptalias and virtualdocumentroot delimiter. > >> eg, /var/webhosting/%0/docroot/ > >> > >> Cheers, > >> > >> > >> Scott > >> > >> ----- Original Message ----- > >> From: "Antonin Karasek" <[EMAIL PROTECTED]> > >> To: <[EMAIL PROTECTED]> > >> Sent: Friday, October 03, 2003 1:38 PM > >> Subject: CGI and Virtual Hosts > >> > >> > >> > Hi, > >> > I want to enable CGI on my web-hosting server, but I can't find out a good > >> > security model (permitions of files). I don't want files to be readable > >> for > >> > others and don't want CGI to run apache's group. The main problem is, that > >> > the files must belong to the same group as CGI is run. > >> > > >> > The best solution could be to chroot CGI scripts, but Apache can't do this > >> > (I think). > >> > > >> > Could anybody send me some useful links? > >> > > >> > Many thanks > >> > > >> > > >> > -- > >> > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >> > with a subject of "unsubscribe". Trouble? Contact > >> [EMAIL PROTECTED] > >> > > >> > > >> > >> > >> > > > > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]