httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gare" <g...@wanadoo.es>
Subject Re: [users@httpd] Security APACHE, PHP and CGI
Date Sat, 09 Apr 2005 16:53:39 GMT
Bo, they can't
FTP server controls the access by its own users list. The users can access 
to their directory, and just their directory. They can't go out their site. 
But FTP isn't the problem.
These users share the uid of a real user of the system, this user is the 
owner of the domain and the files in this domain.
For suexec, Apache serves subdomains with this user as User in httpd.cnf
I want to know if there is any way to avoid that CGI programs could access 
files in server, that is: a way to restrict the access of cgi scripts inside 
the home of a subdomain, like php does.

Thanks




----- Original Message ----- 
From: "Tim Burden" <tim@burden.ca>
To: <users@httpd.apache.org>
Sent: Saturday, April 09, 2005 6:18 PM
Subject: Re: [users@httpd] Security APACHE, PHP and CGI


> If they are all owned by one account, couldn't owners of one subdomain 
> just
> FTP in and erase the files of some other owner?
>
> ----- Original Message ----- 
> From: "Gare" <gare@wanadoo.es>
> To: <users@httpd.apache.org>
> Sent: Saturday, April 09, 2005 12:04 PM
> Subject: [users@httpd] Security APACHE, PHP and CGI
>
>
>> We have a site with several subdomains hosted, but the webmasters of 
>> these
>> subdomains are not allowed to use their own CGI nor PHP.
>> The box runs under Fedora with Apache 1.3, and webmasters of subdomains
> are
>> not users of the OS, they share the account of a user (the owner of the
> main
>> domain where subdomains are hosted).
>> I would like to offer php and cgi support, but I am worried about
> security.
>> I know that PHP can be configured in secure mofe and that we can control
>> access to directories.
>> But CGI is too powerful, and a CGI program can access a lot of files in
> the
>> server.
>> suExec is not a solution, because webmasters could access files in other
>> subdomains (they share the same account).
>>
>> Is there any solution to host subdomains with php and cgi without
> compromise
>> server and subdomains security?
>>
>> thanks
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message