>> please hack apart this solution and point out the error/insecure nature of >> apache compiled with suexec >> # set user and group to unique >> chown USERID:USERID /path/to/user/html/directory > >Make it -R in case any files managed to get in there before you did this. > error of omission on my part >> chmod -R 0750 /path/to/user/html/directory > >You still ought to move those files outside the web-tree... noted >> >in apache's httpd.conf >> # set each virtual host to run any accesses >> # as the group USERID giving them only access >> # to this directory... defeats PHP directory >> # and shell scripts as long as no public read bits >> # are set >> <virtual *> >> ServerName whatever.com >> Group USERID > >Bzzzzzt. Unless you are running Apache 2.0, this is ineffectual or >downright illegal syntax. suExec will *ONLY* work with PHP CGI. You'd have >to run a separate pool of httpd's for each user for this to work in Apache >1.3.x > >At least, so I've been told a few times. :-) Would like to know by whom to challenge/clarify/gain insight... >You're welcome to try it, but don't do it on a public server. > since posting have tried with multiple directories and accessing each as such... appears to function as expected without any errors. >> Apache 1.3.19 Any particular locations where to go to get further info prior to trying on production server? (Not worth it if it works fine for today and blows up tomorrow :) Thx Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
