Return-Path: Delivered-To: apmail-modperl-archive@apache.org Received: (qmail 53640 invoked by uid 500); 1 Aug 2002 08:04:58 -0000 Mailing-List: contact modperl-help@apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 53573 invoked from network); 1 Aug 2002 08:04:58 -0000 Message-ID: <3D48EB8A.8010808@stason.org> Date: Thu, 01 Aug 2002 16:04:26 +0800 From: Stas Bekman Organization: Hope, Humanized User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020510 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Joel Palmius Cc: modperl@perl.apache.org Subject: Re: Local file security (in 1.27) References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N [...] > So, question is: How do I protect my data files from being accessed by > anything else than my own perlhandler? Can I set another uid for all that > has to do with my specific perlhandler? Hints are most welcome. You can't. The only solution is run a dedicated server for each user. Currently the pure Apache solution is to use suexec, which you cannot run under mod_perl. This is all covered at: http://perl.apache.org/docs/general/multiuser/multiuser.html this issue will be addressed in 2.0 with perchild Apache mpm which allows you to run different groups of servers/threads under different uids/gids. If I remember correctly this mpm is highly experimental at this point. __________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:stas@stason.org http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com