httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Virtual Hosts unter 1.3.29 and PHP4.3.6
Date Tue, 08 Jun 2004 17:04:17 GMT

On Tue, 8 Jun 2004, Florian Dörsch wrote:
> Now I found following bug(?)/problem: If I create a directory/file on
> b.domain.tld with a PHP-Script, it will be created with the "masteruser", I
> mean the User "apache" and not with "a" or "b". I tried to fix that to set
> the user in http_protocoll.c per request. The fix worked, but no cookies or
> sessions worked anymore. So this won't be the master solution.

This is a well-known limitation of the unix security model implemented by 
apache.  The "User" specified in each vhost is used *only* for cgi script 
called by suexec.  It is not used for normal request processing by modules 
such as php.

Your alternatives are to use php-based restrictions such as "safe mode", 
or remove the php module and call php as a cgi script via suexec.
(Or, if you have a small number of users, you can have a separate apache 
serving each virtual host under a separate userid.)

Joshua.

Mime
View raw message