On Wed, 27 Jun 2007 09:59:27 -0400 Rich Bowen <[EMAIL PROTECTED]> wrote:
> It's a request that comes up every single day in the various support > forums: I am in a hosted environment, I have a virtual host, and a > bunch of random strangers have full read permissions to my sensitive > files, is there any way around this? So one of the main problems is > not applications at all, but is static files. Folks want their > static files to be owned by themselves, and not readable to random > other users on the same system, but also serve-able by Apache. Group permissions. > There > are various user and group permission that can make this > sort-of-but-not- quite happen, because whatever you do, someone can > write a cgi program that can read your files. suexec. > So, in that situation, mod_fastcgi, mod_scgi, or whatever, are > completely ineffectual. Having a solution where FILES are read by > some other UID would solve this long-standing complaint. > > Speaking only as help-desk personnel, and not as a code developer - > I have no insight into how this would be implemented, I only answer > the question, every day of every week for the last half-dozen years. This is a problem that could be solved by documentation. Maybe not quite as simple, but when the alternative is accepting new connections whilst running as root. And if you really want it to be that simple, a solution would be to create a pre-packaged distribution that uses cgi+suexec to serve static files. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
