On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
> Thank you for the information. Am I right that php-skripts then would
> need an execute-bit set? Currently they don't have ...
>
They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to w
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
> Thank you for the information. Am I right that php-skripts then would
> need an execute-bit set? Currently they don't have ...
>
Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or
the likes.
- Jon
--
[EMAIL PROTECTE
On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
> Thank you for the information. Am I right that php-skripts then would
> need an execute-bit set? Currently they don't have ...
>
They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to w
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
On 9 Jun 2003 at 17:59, Jon wrote:
> On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Mon, 09 Jun 2
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
> Thank you for the information. Am I right that php-skripts then would
> need an execute-bit set? Currently they don't have ...
>
Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or
the likes.
- Jon
--
[EMAIL PROTECTE
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
On 9 Jun 2003 at 17:59, Jon wrote:
> On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Mon, 09 Jun 2
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
> > But you mean starting with #! ?? How could I use the normal way of
> > setting a cgi-handler for calling .php-files? Kno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
> But you mean starting with #! ?? How could I use the normal way of
> setting a cgi-handler for calling .php-files? Know what I mean?
>
> Using Misc Binary-support (and therefor patchin
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
> > But you mean starting with #! ?? How could I use the normal way of
> > setting a cgi-handler for calling .php-files? Kno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
> But you mean starting with #! ?? How could I use the normal way of
> setting a cgi-handler for calling .php-files? Know what I mean?
>
> Using Misc Binary-support (and therefor patchin
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching the kernel) seems no
solution to me. Isn't there some way to make it work using Apache-
features?
On 9 Jun 2003 at
"Stefan Neufeind" <[EMAIL PROTECTED]> writes:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
You do if you use php scripts that are parsed by the server itself.
You can use
On Mon, 2003-06-09 at 07:59, Stefan Neufeind wrote:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
There *are* issues with running suExec + php. First, php must be run as
a
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching the kernel) seems no
solution to me. Isn't there some way to make it work using Apache-
features?
On 9 Jun 2003 at
On Mon, 09 Jun 2003 at 04:59:10PM +0200, Stefan Neufeind wrote:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
You use suexec, php*-cgi, and MISC Binary support (Kernel) to a
On Mon, 09 Jun 2003 at 05:02:41PM +0200, Stefan Neufeind wrote:
> does it work without problems with php? if you use as cgi-variant?
> Think I tried this some time ago and ran into some probllems. Does it
> work for your setup? How?
Here is the caviot: the O/S does not recognize extensions. To
"Stefan Neufeind" <[EMAIL PROTECTED]> writes:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
You do if you use php scripts that are parsed by the server itself.
You can use
On Mon, 2003-06-09 at 07:59, Stefan Neufeind wrote:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
There *are* issues with running suExec + php. First, php must be run as
a
On Mon, 09 Jun 2003 at 04:59:10PM +0200, Stefan Neufeind wrote:
> But afaik you run into real problems when you try to use suexec with
> php, don't you? Or has anybody managed to get this running correctly?
> (for Apache 1.3.x !!!).
You use suexec, php*-cgi, and MISC Binary support (Kernel) to a
On Mon, 09 Jun 2003 at 05:02:41PM +0200, Stefan Neufeind wrote:
> does it work without problems with php? if you use as cgi-variant?
> Think I tried this some time ago and ran into some probllems. Does it
> work for your setup? How?
Here is the caviot: the O/S does not recognize extensions. To
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
On 6 Jun 2003 at 17:06, Wade Richards wrote:
> On 06 Jun 2003 16:15:37 PDT, Jon writes:
> >I believe Apache would still be executing
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
On 6 Jun 2003 at 17:06, Wade Richards wrote:
> On 06 Jun 2003 16:15:37 PDT, Jon writes:
> >I believe Apache would still be executing
On Fri, 06 Jun 2003 at 05:06:20PM -0700, Wade Richards wrote:
> I suggest you look up the suEXEC Apache module, it seems to do exactly what
> you want.
suEXEC and php(3|4)-cgi...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.
On Fri, 06 Jun 2003 at 05:06:20PM -0700, Wade Richards wrote:
> I suggest you look up the suEXEC Apache module, it seems to do exactly what
> you want.
suEXEC and php(3|4)-cgi...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.
Woon Wai Keen @ doubleukay.com wrote:
#2 - ERUP (enhanced regular user privileges)
http://www.wijata.com/erup
and this one lets me grant the apache user (www-data) privilege to perform
uid/gid switching , so that i dont have to run apache as root .
Ahnow I understand. First I thought this w
Woon Wai Keen @ doubleukay.com wrote:
maybe you can try what i've used , which basically is :
#1 - mod_diffprivs
Wow, this is really exciting! Thank you very much!
I immediately downloaded and compiled it. Now my httpd.conf looks like this:
ServerAdmin [EMAIL PROTECTED]
ServerName do
> I want to enable some friends of mine to host their web pages on my
> woody server. It has Apache LAMP running in great shape and it suits my
> Web page just fine. The Problem that I have now is, that the apache user
> is www-data. Well, I guessed I could just change the user permissions on
> the
Woon Wai Keen @ doubleukay.com wrote:
#2 - ERUP (enhanced regular user privileges)
http://www.wijata.com/erup
and this one lets me grant the apache user (www-data) privilege to perform
uid/gid switching , so that i dont have to run apache as root .
Ahnow I understand. First I thought this was m
Woon Wai Keen @ doubleukay.com wrote:
maybe you can try what i've used , which basically is :
#1 - mod_diffprivs
Wow, this is really exciting! Thank you very much!
I immediately downloaded and compiled it. Now my httpd.conf looks like this:
ServerAdmin [EMAIL PROTECTED]
ServerName domain
> I want to enable some friends of mine to host their web pages on my
> woody server. It has Apache LAMP running in great shape and it suits my
> Web page just fine. The Problem that I have now is, that the apache user
> is www-data. Well, I guessed I could just change the user permissions on
> the
On 06 Jun 2003 16:15:37 PDT, Jon writes:
>I believe Apache would still be executing php/cgi scripts as www-data,
>so users could snoop on other users's scripts, session files, etc.
>
>Something like:
>
I suggest you look up the suEXEC Apache module, it seems to do exactly what
you want.
--- W
On Fri, 2003-06-06 at 15:42, Tim Cunningham wrote:
> Is there some reason why you can't give each user an account and have them
> put their files in ~/public_html? That would have their page show up at
> domain.net/~username/.
>
> Sorry if you already knew this and I'm misunderstanding the prob
Hi,
On Sat, 07 Jun 2003 00:03:59 +0200, Juan Antonio Agudo writes:
>I want to enable some friends of mine to host their web pages on
>my woody server. It has Apache LAMP running in great shape and it
>suits my Web page just fine. The Problem that I have now is, that
>the apache user is www-data. W
Is there some reason why you can't give each user an account and have them put
their files in ~/public_html? That would have their page show up at
domain.net/~username/.
Sorry if you already knew this and I'm misunderstanding the problem.
On Sat, 07 Jun 2003 00:03:59 +0200
Juan Antonio Agudo <
On 06 Jun 2003 16:15:37 PDT, Jon writes:
>I believe Apache would still be executing php/cgi scripts as www-data,
>so users could snoop on other users's scripts, session files, etc.
>
>Something like:
>
I suggest you look up the suEXEC Apache module, it seems to do exactly what
you want.
--- W
Okay, I already posted this message to debian-users, but please don't
flame me - i just figured that maybe debian-security is the better place
to post a request for help like this. Clearly enough this is a security
concern, after all. So maybe you could be so kind and help me out on
this one:
On Fri, 2003-06-06 at 15:42, Tim Cunningham wrote:
> Is there some reason why you can't give each user an account and have them put their
> files in ~/public_html? That would have their page show up at domain.net/~username/.
>
> Sorry if you already knew this and I'm misunderstanding the problem
Hi,
On Sat, 07 Jun 2003 00:03:59 +0200, Juan Antonio Agudo writes:
>I want to enable some friends of mine to host their web pages on
>my woody server. It has Apache LAMP running in great shape and it
>suits my Web page just fine. The Problem that I have now is, that
>the apache user is www-data. W
Is there some reason why you can't give each user an account and have them put their
files in ~/public_html? That would have their page show up at domain.net/~username/.
Sorry if you already knew this and I'm misunderstanding the problem.
On Sat, 07 Jun 2003 00:03:59 +0200
Juan Antonio Agudo <[
Okay, I already posted this message to debian-users, but please don't
flame me - i just figured that maybe debian-security is the better place
to post a request for help like this. Clearly enough this is a security
concern, after all. So maybe you could be so kind and help me out on
this one:
40 matches
Mail list logo