On Wed, Aug 07, 2002 at 08:41:41PM -0400, Rob Saccoccio wrote: > At any rate, I've got alternatives if you think it should remain the way it > is (say to accommodate the use of the SuexecUserGroup at a finer config > granularity).
I would very much like to do (in Apache 1.3 syntax): <VirtualHost ...> ServerName example.com DocumentRoot /www/example.com/htdocs ScriptAlias /newprogram/ /www/example.com/newprogram/cgi <Location /newprogram> User newprog Group newprog </Location </VirtualHost> (to mean no suexec, except in /newprogram) My reasons is that I'm adding a new program to a site that isn't suexec enabled, and I want the added security that comes from running the new program as a new user. I've always assumed that this lack of functionality was just historical since the User/Group directives (and therefore entries in the structure) were presumably overloaded from the main server configuration when virtual hosting was added, and it was just convenience that suexec uses them. If this is correct presumably there are no fundamental reasons why suexec configuration cannot be more specific? I imagine this would be easier to add in Apache 2 now that the directive is different? Best wishes, James -- James Ponder; www.squish.net; London, UK