Hi,

I'm trying to get my apache webserver as secure as possible. The server is used for multiple virtual hosts and I want to isolate each vhost host. I used this document as a guide

http://snippets.dzone.com/posts/show/81

everything works fine. Each vhost is under a separate unix user/group and apache is running as nobody/nobody. The user nobody is also in all the usergroups but Solaris has a limit of 32 additional groups a user can be in. So there's my problem. I though the solution would be ZFS ACL's and tried that. The user nobody can navigate in the public_html directory of the vhost (nobody is not in the usergroup anymore) and apache shows HTML files. But when I want to show php files something goes wrong:

Forbidden
You don't have permission to access /php-fastcgi/php5-cgi/index.php on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Nothing shows up in the logs. When I run a php script on a vhost which is configured the old way (nobody is in the usergroup) I get lines like these:

[Fri Feb 29 08:03:57 2008] [warn] FastCGI: (dynamic) server "/opt/csw/ apache2/share/htdocs/suexec/xxxxxxx.nl/php5-cgi" (uid 10003, gid 10001) started (pid 8253)

All the config files and scripts are the same so the problem should be file permissions I guess, any ideas?

thanks,

Martijn de Munnik



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to