httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Security APACHE, PHP and CGI
Date Sat, 09 Apr 2005 17:59:38 GMT
On Apr 9, 2005 12:53 PM, Gare <gare@wanadoo.es> wrote:
> Bo, they can't
> FTP server controls the access by its own users list. The users can access
> to their directory, and just their directory. They can't go out their site.
> But FTP isn't the problem.
> These users share the uid of a real user of the system, this user is the
> owner of the domain and the files in this domain.
> For suexec, Apache serves subdomains with this user as User in httpd.cnf
> I want to know if there is any way to avoid that CGI programs could access
> files in server, that is: a way to restrict the access of cgi scripts inside
> the home of a subdomain, like php does.

No, not that I know of.  CGI allows people to run arbitrary programs
on the server.  If you let them all run under the same userid, then
there is no way to use unix permissions to restrict their activities. 
Overall, it doesn't sound like a good idea to me.  It is like giving
them all telnet access with the same userid and password.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message