httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Wilson <gwil...@plus.net>
Subject [users@httpd] suexec in a mod_rewrite setup
Date Fri, 11 Mar 2005 09:27:15 GMT
Greetings list members!

I hope you can help me with understanding more about what can be done 
with suexec in a rewtirren world.  Let me explain - I have a platform 
geared to mass hosting for CGI scripts.  I do no use virtualhosts, and 
instead use the rewrite engine and map files to do on the fly location 
of customer sites (all sites have the form cgi.USER.domain), so with 
map lookups on the incoming request, cgi.user1.domain automatically 
gets mapped to /files/www/home1/user1/htdocs (for example).  This 
has worked fine for years.

However, we now wish to  tighten up on security and move away from all 
users belonging to the same group (which the web server also belongs 
to), and we would like all user's (perl/php/shell etc) scripts to be
executed as themselves so user data is better protected - for this I'd
like to use suexec, but the problem I have is that suexec relies on the 
Suexecusergroup directive within a virtual host to work (we don't use 
userdirs).

Someone suggested to me that this isn't a problem because you can do
variable substitution to directives in the configuration file, so 
you can essentially do: Suexecusergroup $user $group instead.  Whilst 
I have never heard of this functionality, nor seen it, I decided to be 
open-minded (he cited someone else has done this elsewhere), and did 
some research, but I can't find any references to these techniques.

Have I been given a bum steer here?

If I have, what suggestions do the group have to allow mass hosting
using suexec (other than having to maintain many thousands of 
virtualhost entries in httpd.conf)?  If suexec isn't practical, 
what other options are there to allow me to have users scripts run 
as themselves?

Thank you for your time and consideration :)

Gary Wilson



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message