httpd-users mailing list archives

From Jaqui Greenlees <jaqui_greenl...@yahoo.ca>
Subject Re: [users@httpd] Apache 2.2 security concern
Date Sat, 12 May 2007 09:00:24 GMT

--- Sam Lavitt <sam@lavitt.net> wrote:

> Sorry for my lack of clarity and experience, I came
> here looking for 
> advice and help.
This we do understand :)


> Based on my research, suexec only works for SSI and
> CGI, so it would be 
> pointless for providing security with php, and doing
> mass-hosting, php 
> is something in pretty common use.
Yes, PHP is very commonly used.
No, suexec does not limit its functionality to SSI
and CGI; those are the easiest implementations.
By using suexec for each site's owner and user/group
permissions for access, you can stop anyone from
accessing another user's files.


> And I am sorry, I mis-spoke, the mpm
> was mpm_perchild for apache 2.0, which apparently is
> abandoned and broken. (see
> http://httpd.apache.org/docs/2.0/mod/perchild.html )
> I lack the programming skills that would be needed to
> repair it unfortunately.
> 
> So is there anything that is functional, maintained,
> and would allow me 
> to provide the security that would be needed,
> ideally apache 2.2, if 
> not, at least 2.0?  Or any other webserver which can
> provide the 
> security needed?

Yes, as Nick mentioned, suexec and user/group
permissions are the common method for securing the
site(s) from this.
Another option, slightly more hardware intensive, is
to have each hosted site running as a separate
instance of Apache, chrooted so they do not have any
access to the rest of the server's file system.

Jaqui



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
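
The user/group permission approach recommended in the message above can be checked mechanically. The following is an added example, not part of the original message or of the Apache project: a Python audit that walks one site's document root and reports entries another local account could reach. It assumes a POSIX file system and one account per hosted site; the function names, the sample tree and the file names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_docroot(docroot, owner_uid):
    """Return sorted (relative path, problem) pairs for one site's tree."""
    paths = [docroot]
    for dirpath, dirnames, filenames in os.walk(docroot):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about access
        rel = os.path.relpath(path, docroot)
        if st.st_uid != owner_uid:
            findings.append((rel, "not owned by site account"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif st.st_mode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append((rel, "accessible to other accounts"))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample: a private docroot holding one private file,
    one world-readable file and one world-writable directory."""
    site = os.path.join(root, "site-a")
    uploads = os.path.join(site, "uploads")
    os.makedirs(uploads)
    os.chmod(site, 0o750)
    os.chmod(uploads, 0o777)
    for name, mode in (("index.php", 0o640), ("config.php", 0o644)):
        path = os.path.join(site, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    return site

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(tmp)
        for rel, problem in audit_docroot(site, os.getuid()):
            print(f"{rel}: {problem}")
```

Run against a real tree by passing the site's document root and the numeric UID of the account that should own it; an empty result means no "other" permission bits are set and every entry belongs to that account.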

