httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Ponder <>
Subject suexec within Location
Date Mon, 19 Aug 2002 00:20:36 GMT
On Wed, Aug 07, 2002 at 08:41:41PM -0400, Rob Saccoccio wrote:
> At any rate, I've got alternatives if you think it should remain the way it
> is (say to accommodate the use of the SuexecUserGroup at a finer config
> granularity).

I would very much like to do (in Apache 1.3 syntax):

<VirtualHost ...>
  DocumentRoot /www/
  ScriptAlias /newprogram/ /www/
  <Location /newprogram>
    User newprog
    Group newprog

(to mean no suexec, except in /newprogram)

My reasons is that I'm adding a new program to a site that isn't suexec
enabled, and I want the added security that comes from running the new
program as a new user.

I've always assumed that this lack of functionality was just historical
since the User/Group directives (and therefore entries in the structure)
were presumably overloaded from the main server configuration when
virtual hosting was added, and it was just convenience that suexec uses
them.  If this is correct presumably there are no fundamental reasons
why suexec configuration cannot be more specific?

I imagine this would be easier to add in Apache 2 now that the directive
is different?

Best wishes, James
James Ponder;; London, UK

View raw message