httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Shea <s...@gtsdesign.com>
Subject Re: easy solution: Re: userspace permissions
Date Mon, 18 Oct 1999 22:24:04 GMT
> On Mon, 18 Oct 1999, Ragnar Kurm wrote:
> > my site has many users each have different virtual domain.
> > apache runs as nobody.
> > problem: users can access each other's docroots.
> > question: if and how can i run httpd with virtual hosts so that all files
> > for virtualdomain are accessed as different user. in the other words can
> > apache httpd configured to have uid x if it needs to access virtual domain
> > y and uid m for virtual domain n.
> 
> I've read a bunch of the other responses and it seems they are all trying
> to make the problem much more difficult than it needs to be. I do this all
> the time, with standard configuration on my server. Of course, maybe I am
> not reading your problem correctly, and if so, then please correct me.
> 
> The first thing to do is create a group, call it "www". Set up Apache to
> run as nobody:www.
> 
> Next, create your virtual directories using the user, this group, and the
> group-sticky bit (more in a bit):
> 
> ../vhosts/:
> drwxr-s---  john  www   john-vhost-dir
> drwxr-s---  jane  www   jane-vhost-dir

I'm thinking that this is a nice idea so users can hack around
in their directories, but am not clear on how it helps for CGI.  The
web server is running as nobody/www (say), and runs CGIs under the
same user/group.  Suppose a CGI creates a file.  The resulting
file will be owned by nobody/www, leaving the user no permissions
(except 'other', which is presumably nothing) on the file.  Am I
missing something?

	Gary

-----------------------------------------------------------------
Gary Shea                                       shea@xmission.com
Salt Lake City                      http://www.xmission.com/~shea


Mime
View raw message