> I know it sounds crazy, but have you considered doing a chmod to the
> apache user? And to have a umask of 027?
s/chmod/chgrp/,s/user/group/
> That would give you a permission model of:
>
> -rw-r- 1 photos apache 101984 2010-11-23 13:14 4.jpg
--
Igor Galić
Tel: +43 (0) 664 886 22 88
- "Lowlight" wrote:
> Ok, so I have suexec working on my server and it's successfully
> serving
> pages as user's. The problem is that whenever a user uploads a file
> via
> a php or cgi script, the file gets 700 permissions (WHICH IS WHAT I
> WANT), but when the webserver goes to serve
Ok, so I have suexec working on my server and it's successfully serving
pages as user's. The problem is that whenever a user uploads a file via
a php or cgi script, the file gets 700 permissions (WHICH IS WHAT I
WANT), but when the webserver goes to serve that file, it does NOT
change to the s
Apache/2.2.3
CentOS release 5.4 (Final)
Hello,
I am in the process of setting up Backuppc but hit an issue that I
believe is caused by suexec. Full details here if your interested:
http://www.linuxquestions.org/questions/linux-server-73/suexec-backuppc-fun-829713/
My questions about suexec...
>
Phil Howard wrote:
On Thu, Aug 12, 2010 at 13:02, David Ricar wrote:
[...]
Sorry, I'm still not understanding what you are doing. I didn't
understand why you need two users per each site.
J. Greenlees wrote:
I believe the standard method of doing this to completely lock the
server from allo
David Ricar wrote:
Hello,
~snip~
So my concept is based on two basic users for every website - one for
ftp and another for suexec run. Homedir of both is one level above any
website data and it is owned by root, ftp is chrooted there. If suexec
would be able to just check if code is in users
On Thu, Aug 12, 2010 at 13:02, David Ricar wrote:
[...]
Sorry, I'm still not understanding what you are doing. I didn't
understand why you need two users per each site.
--
sHiFt HaPpEnS!
-
The official User-To-User support f
Phil Howard wrote:
I don't understand what it is you are doing, so I cannot comment on
whether it is common or not, or even secure. A test to detect if
others can write a file that would be executed is a critical test on a
multi-user machine. Similarly, testing if all parent directories can
be
On Thu, Aug 12, 2010 at 09:49, David Ricar wrote:
> I need just one thing: replace others writable tests by is_in_homedir
> test - suexec does not solve, who could rewrite the code, but where the
> code is located. My patch is rather naive and dirty proof of concept
> right now, I will polish it
Phil Howard wrote:
By suexec wrapper, I mean a program you write which will be placed
where Apache expects to find suexec. The real suexec will be moved to
somewhere else (maybe "real-suexec" in the same directory). Your
program will know where it is (and probably hard code that). Your
program
On Wed, Aug 11, 2010 at 18:24, David Ricar wrote:
> Phil Howard wrote:
>>
>> For maintenance, it might be easier for you to make an suexec wrapper.
>> Run your wrapper to do custom checks and if it decides to go on, it
>> runs suexec. That way your maintenance is for your program, only, and
>> y
Phil Howard wrote:
For maintenance, it might be easier for you to make an suexec wrapper.
Run your wrapper to do custom checks and if it decides to go on, it
runs suexec. That way your maintenance is for your program, only, and
you have to track a lot fewer changes to Apache code (basically jus
Jefferson Ogata wrote:
On 2010-08-11 13:23, David Ricar wrote:
Am I missing an obvious solution that is possible without the patch or
is my view too paranoid?
Mount all your content read-only.
Sadly most of the sites requires some places to upload images and so on,
so this is not applicable
On Wed, Aug 11, 2010 at 09:23, David Ricar wrote:
> Hello,
I don't think I see anything you are trying to accomplish different
than an ordinary multiuser server. You should be able to configure
where CGI can be run from to a narrow space. I assume FTP is for the
site owner to upload, including
On 2010-08-11 13:23, David Ricar wrote:
> Am I missing an obvious solution that is possible without the patch or
> is my view too paranoid?
Mount all your content read-only.
-
The official User-To-User support forum of the Apache
Hello,
for quite some time I am digging into webserver security and sadly, I
found basicaly two bad choices for multisite ultiuser server. I found
some disscussions about the subject, but it seems that I am still
missing something.
1) Standard way of usage with different ftp users and a singl
Dear all,
I have justed startet to experiment with suEXEC and Apache. I've
successfully configured a web server with the suEXEC feature,
and everything seems to work fine. However, there are a couple of things
in the documentation which i am a little uncertain about.
I am therefore hoping that
Please ignore my previous message. I was going nuts due to this and I
think I didn't see the "FOO" in elinks.
Its working properly now.
--
Nilesh Govindarajan
Site & Server Adminstrator
www.itech7.com
-
The official User-To-Us
On 02/03/2010 09:55 PM, dinar qorbanof wrote:
i think you can do what you want. create several wrapper "php-cgi"
scripts each in its own directory and for all of them it and that
directory of it should be with both user and group = user of it (and
wrapper script should be executable). drupal php
On Wed, Feb 3, 2010 at 10:03 AM, Thomas Antony wrote:
>
>
>
>> Now I have a common drupal codebase located at /srv/htdocs/drupal
>>
>> I am using this kind of setup - http://drupal.org/node/124268
>>
>> Only difference being all user directories are at /srv/htdocs as suexec
>> docroot is /srv.
>>
Now I have a common drupal codebase located at /srv/htdocs/drupal
I am using this kind of setup - http://drupal.org/node/124268
Only difference being all user directories are at /srv/htdocs as
suexec docroot is /srv.
Now the problem is FastCGI. FastCGISuexec has been configured.
at /srv/
i think you can do what you want. create several wrapper "php-cgi"
scripts each in its own directory and for all of them it and that
directory of it should be with both user and group = user of it (and
wrapper script should be executable). drupal php files can be owned by
any user and group.
-
Okay, I have now a different setup. After a lot of researching on
Google, I concluded that it is not possible to do what I wanted.
Now I have a common drupal codebase located at /srv/htdocs/drupal
I am using this kind of setup - http://drupal.org/node/124268
Only difference being all user dire
On 02/03/2010 01:09 PM, Thomas Antony wrote:
On 02/03/2010 12:11 PM, Gary Smith wrote:
They should not be able to use the default site's /files directory but
/sites//files
Any ideas ?
According to suExec docs, target file must be owned by the user and
group specified in SuExecUserGroup direc
On 02/03/2010 12:11 PM, Gary Smith wrote:
They should not be able to use the default site's /files directory but
/sites//files
Any ideas ?
According to suExec docs, target file must be owned by the user and
group specified in SuExecUserGroup directive. But this is not
possible here.
/srv/h
On 02/03/2010 12:11 PM, Gary Smith wrote:
They should not be able to use the default site's /files directory but
/sites//files
Any ideas ?
According to suExec docs, target file must be owned by the user and
group specified in SuExecUserGroup directive. But this is not possible here.
/srv/htdoc
> They should not be able to use the default site's /files directory but
> /sites//files
>
> Any ideas ?
>
> According to suExec docs, target file must be owned by the user and
> group specified in SuExecUserGroup directive. But this is not possible here.
>
> /srv/htdocs/main (drupal codebase) i
I am using drupal to configure a multi-site environment.
The thing is the codebase is same (that's why I am using drupal) but
different sites have to be configured on it.
I want to run different sites on different users because the users
should not exceed their file size quota. Drupal codebas
At 12:40 31-10-2009, Ro Achterberg wrote:
Hi,
I'm in the midst of building my chrooted Apache 2.2.14 + suexec +
mod_fastcgi + PHP installation, but the httpd --with-suexec-bin
configure directive doesn't seem to be working properly. Instead of
installing to /chroot/apache2/usr/sbin/suexec, wh
Hi,
I'm in the midst of building my chrooted Apache 2.2.14 + suexec +
mod_fastcgi + PHP installation, but the httpd --with-suexec-bin
configure directive doesn't seem to be working properly. Instead of
installing to /chroot/apache2/usr/sbin/suexec, where I want it to
live, it in fact installs
Greetings all.
I'm trying to enable suexec with a new apache2 installation. When I
compile and install, I don't get an enabled message with httpd -l:
Output of httpd -l
--
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_gr
Hello,
On 07.08.08 15:04, Matus UHLAR - fantomas wrote:
> I configured my vhost to have TMPDIR variable set to particular directory.
> PHP scripts see this variable w/o problem, but not CGIs.
>
> I'm running suexec, and have patched it (yes, I know the risks) to pass this
> variable, but even whe
32 matches
Mail list logo