On Saturday 28 April 2001 12:13, Marcelo Gulin wrote: > You can use suEXEC mechanism to do that job. > suEXEC wrapper allow run CGI & SSI under different UIDs
My impression is that suEXEC only works for explicit user home directories wheras cgiwrap works with URLs that map to something equating a home directory and then runs them under whichever UID it finds. I'll have to check this more though. Also suEXEC doesn't seem to have any facilities for limiting the CPU usage, memory, etc for processes it runs. cgiwrap has this hard coded but it's still better than nothing. > > cheers > marcelo gulin > > > ----- Original Message ----- > From: Marcel Hicking <[EMAIL PROTECTED]> > To: <debian-isp@lists.debian.org> > Sent: Friday, April 27, 2001 3:44 AM > Subject: Re: Apache and multiple virtual domains > > > > What I want to do is have multiple virtual hosts with each virtual > > > host having a different UID for running CGI-BIN scripts. > > > > http://cgiwrap.unixtools.org/ > > "CGIWrap is a gateway program that allows general users to use CGI > > scripts and HTML forms without compromising the security of the http > > server. Scripts are run with the permissions of the user who owns the > > script. In addition, several security checks are performed on the > > script, which will not be executed if any checks fail." > > > > Since scripts uploaded via FTP will be owned by your customers > > UID, they should then run under his UID. I am not sure, however, > > if you could get the whole apache subprocess to be run under a > > different UID this way, but then I am not sure if this would > > give additional security or other advantages. > > > > BTW. I've seen some descriptions on how to set up CGIwrap > > transparently so your customers whouldn't even notice > > CGIwrap is running. Something with setting up a handler > > for file extensions. Maybecheck the tips and tricks page > > http://cgiwrap.unixtools.org/tricks.html on this as > > well as for some nice mod_rewrite rules ;-) > > > > Cheers, Marcel > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
