perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colin Wetherbee <...@denterprises.org>
Subject Re: restrict virtual hosts programs
Date Sat, 12 Jan 2008 04:24:00 GMT
Jeff Pang wrote:
> I met a strange requirement that, given Apache has two virtual hosts,
> vhA and vhB, vhA's document root is: /path/a/; vhB's document root
> is: /path/b/.
> 
> vhA's programs are running under /path/a/cgi-bin, but actually, the
> programs of vhA can access vhB's directory (ie,they can open and
> write some files in /path/b/). vice versa, the programs of vhB can
> access vhA's directory.
> 
> This is because all virtual hosts are owned by Apache,if apache is
> run with nobody user and apache needs to write to some dirs,those
> dirs must be writable to nobody. That's to say, vhA can write to
> vhB's dirs,since they are all run with nobody user.
> 
> How to resolve it with modperl? is it possible? thanks!

How about suexec?  I used it quite some time ago, and it was awful to 
use, but it got the job done.

http://httpd.apache.org/docs/2.2/mod/mod_suexec.html

http://httpd.apache.org/docs/2.2/programs/suexec.html

Colin

Mime
View raw message