Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 63187 invoked by uid 500); 18 Mar 2002 15:55:37 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 63166 invoked from network); 18 Mar 2002 15:55:30 -0000 Received: from unknown (HELO babbler.csp.org.by) (80.94.224.242) by daedalus.apache.org with SMTP; 18 Mar 2002 15:55:30 -0000 Received: from cyan ([192.168.1.150]) by babbler.csp.org.by (8.11.1/8.11.1) with ESMTP id g2IG0c317275 for ; Mon, 18 Mar 2002 18:00:38 +0200 Date: Mon, 18 Mar 2002 18:01:47 +0200 From: Artiom Morozov To: users@httpd.apache.org Subject: Re: Re: Limit a user's CGI in his/her directory Message-ID: <20020318180147.M21882@cyan.csp.org.by> References: <200203181506.g2IF6Bb81127@sydmail3.telpacific.com.au> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=gb2312 Content-Transfer-Encoding: 8bit In-Reply-To: =?gb2312?Q?=3C200203181506=2Eg2IF6Bb81127?= =?gb2312?Q?=40sydmail3=2Etelpacific=2Ecom=2Eau=3E=3B_from_guyuan=40telpac?= =?gb2312?B?aWZpYy5jb20uYXUgb24g8M7ELCDtwdI=?= 18, 2002 at 18:15:53 +0200 X-Mailer: Balsa 1.2.3 Lines: 47 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I really don't know how it works with suexec, but there's no limits except for those imposed by you when compiling cgiwrap. As for "read all", well, you probably can't get around of that without chroot for all the files, but imho it's not a big problem if user will read some common system files. Still you can separate users' homes by chmod'ing their directories to -rwx------. On 2002.03.18 18:15 Richard wrote: > Dear Artiom Morozov > > I think the CGIwrap you mentioned might solve my problem. > Actually, I've tried the suEXEC. It seems that I have to > make the user name same as the user group. e.g. if I > create a user richard, I have to put him into a group > richard, otherwise, the perl script cann't execute. > This is not really convenient, because all my users > are in one group. > > Also, you mentioned that set access rights properly. However, > most of files in FREEBSD are anyone read. Will it cause > problems if I change the access rights? > > > >PS: it's also possible to have CGIs from diff. users to run under > diff. > >UIDs, so you don't even have to use chrooting, just set access rights > > >properly. Again, wrapper should be used ;-) > > > ---- Web Space Station Software Development and Web Design http://www.web-space-station.com/ Web Master Aid Premier Tools for Webmasters and Site Owners http://www.webmasteraid.com/ Web Host Station Web site hosting and maintenance http://www.webhoststation.com/ Fast E-book Compiler The Fastest E-book Publishing Software http://www.fastebook.com/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org