httpd-users mailing list archives

From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] suexec providing access to other user's files
Date Sat, 14 Sep 2002 13:57:24 GMT

On Sat, 14 Sep 2002, Wim Godden wrote:

> I've installed suexec and want to use it to allow people to run cgi
> programs.

> Now, when user A has a simple ksh script containing this:
> #!/usr/bin/ksh
> print "\n"
> cat /hosting/userb.com/www/html/index.html
>
> Then the index.html is shown. It gets even worse if he reads files with
> passwords.
>
>
> How can I stop users from reading each other's files? I can't put the
> directory on 700, because then Apache won't be able to read it anymore,
> right?

All suexec does is change the userid that the cgi runs under.  It is your
responsibility to set permissions on files such that the relevant userid
can only access the files that you want.  One clue: create a "groupa" that
contains "usera" and "apache" (or whatever user the web server runs
under).  Then change the permissions of all files under usera.com so that
only groupa can read them and only usera can write them.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
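
The permission scheme suggested in the reply above, as an added example that is not part of the original message: it applies "owner writes, group reads, others nothing" to one customer's tree and then audits the tree for paths that break it. The function names `apply_scheme` and `audit_scheme` are hypothetical, the demo tree is constructed, and the group argument (for example "groupa", holding only usera and the web server user) is assumed to exist already on a real host.

```shell
#!/bin/sh
# Added example, not from the original message.

# apply_scheme DOCROOT [GROUP]
apply_scheme() {
    root=$1
    group=${2:-}
    # Changing the group needs root (or membership in GROUP); skipped if none given.
    if [ -n "$group" ]; then chgrp -R "$group" "$root" || return 1; fi
    # u=rwX,g=rX,o= : owner writes, group reads, everyone else gets nothing.
    # Capital X grants execute only on directories and already-executable files,
    # so CGI scripts stay runnable and data files do not become executable.
    chmod -R u=rwX,g=rX,o= "$root"
}

# audit_scheme DOCROOT: print every path that is group-writable or grants any
# permission to "other". No output means the tree matches the scheme.
audit_scheme() {
    find "$1" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed demo tree with typical permissive defaults (644 files, 755 dirs).
demo=$(mktemp -d)
mkdir -p "$demo/www/html" "$demo/www/cgi-bin"
echo '<html></html>' > "$demo/www/html/index.html"
printf '#!/bin/sh\necho ok\n' > "$demo/www/cgi-bin/test.cgi"
chmod 755 "$demo" "$demo/www" "$demo/www/html" "$demo/www/cgi-bin" \
    "$demo/www/cgi-bin/test.cgi"
chmod 644 "$demo/www/html/index.html"

echo "violations before:"; audit_scheme "$demo"
apply_scheme "$demo"    # on a real host: apply_scheme /path/to/docroot groupa
echo "violations after:";  audit_scheme "$demo"
rm -rf "$demo"
```

The audit reports only mode bits; it does not check that each tree's group contains just that customer and the web server user, which the scheme depends on.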

