httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magdi Ahmed" <ma...@garo.ca>
Subject suexec enhancement
Date Sun, 08 Feb 2004 00:35:35 GMT
Hi,

I host many sites on my server, and have found suEXEC to be a great benefit
for both security and keeping everything tidy.  The one problem I have
always had with it is that it cannot work with a shared script. So I
couldn't provide my virtual hosts with a common page counter script.

This caused me quite a headache over the years, it was either I used suexec
for a virtual host and copied the shared scripts to that hosts directory, or
didn't use suexec at all and run the risk of users executing insecure
scripts.

I finally resolved to modify suexec to include a shared directory root (that
still must be in the document root) along with a valid shared user/group.
suexec now bypasses some of the checks for scripts in that directory and
allows scripts to run from that directory if they are owned by the
designated user/group. I have included my modified suexec for your review
and comments.



Thank You,
Magdi Ahmed


Mime
View raw message