> please hack apart this solution and point out the error/insecure nature of the
> setup.
>
> goal, provide php access to name based virtual hosts on FreeBSD boxes
>
> problem, security of PHP access to base system and other user scripts
>
> solution,
>
> apache compiled with suexec
> # set user and group to unique
> chown USERID:USERID /path/to/user/html/directory

Make it -R in case any files managed to get in there before you did this.

> # no public access to any files under here that
> # you don't want public reading, like scripts
> # with database login information in them
> chmod -R 0750 /path/to/user/html/directory

You still ought to move those files outside the web-tree...

> # set group sticky execution...  we will run
> # apache as this unique group so may not be needed
> chmod g+s /path/to/user/html/directory

I don't grok this, so have no comment.

> >in apache's httpd.conf
> # set each virtual host to run any accesses
> # as the group USERID giving them only access
> # to this directory...  defeats PHP directory
> # and shell scripts as long as no public read bits
> # are set
> <virtual *>
> ServerName whatever.com
> Group USERID

Bzzzzzt.  Unless you are running Apache 2.0, this is ineffectual or
downright illegal syntax.  suExec will *ONLY* work with PHP CGI.  You'd have
to run a separate pool of httpd's for each user for this to work in Apache
1.3.x

At least, so I've been told a few times. :-)

You're welcome to try it, but don't do it on a public server.

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
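
An added example, not part of the original message or its quoted text: a POSIX sh check that audits a docroot against the ownership and mode settings discussed in the thread (`chown -R USERID:USERID`, `chmod -R 0750`). The function name `audit_docroot`, its output labels and its return codes are assumptions of this example.

```shell
#!/bin/sh
# audit_docroot DIR OWNER [GROUP]
#   Reports anything under DIR that contradicts "chown -R OWNER:GROUP" plus
#   "chmod -R 0750". GROUP defaults to OWNER, matching USERID:USERID.
#   Returns 0 = clean, 1 = findings printed, 2 = audit could not complete.
audit_docroot() {
    dir=$1
    owner=$2
    group=${3:-$2}

    # Any read/write/execute bit for "other" lets every local account
    # (and every other user's scripts) read or traverse the entry.
    # Symlinks are skipped: their own mode bits are not what is enforced.
    bad_mode=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print) || return 2

    # Entries created before the chown, or by another account, keep their
    # old owner or group; this is what the -R on chown is meant to catch.
    # find fails (and we return 2) if OWNER or GROUP does not exist, so an
    # unknown name can never be mistaken for a clean result.
    bad_owner=$(find "$dir" \
        \( ! -user "$owner" -o ! -group "$group" \) -print) || return 2

    status=0
    if [ -n "$bad_mode" ]; then
        printf '%s\n' "$bad_mode" | sed 's/^/other-access /'
        status=1
    fi
    if [ -n "$bad_owner" ]; then
        printf '%s\n' "$bad_owner" | sed 's/^/wrong-owner /'
        status=1
    fi
    return "$status"
}
```

Run it as root (or as the docroot's owner) so find can descend into every 0750 directory; a return code of 2 means the tree was not fully inspected.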
