Re: Apache and home directories (file browser).

From: Justin Hopper (jhopper_at_bsdhosting.net)
Date: 02/17/04

  • Next message: Jim Durham: "Re: Anybody Use 2 or More CPU at Production Env. ( SMP )"
    To: isp@freebsd.org
    Date: Tue, 17 Feb 2004 09:30:55 -0800
    
    

    On Mon, 2004-02-16 at 15:13, Lewis Thompson wrote:
    > On Mon, Feb 16, 2004 at 10:55:57PM +0100, Juan Jose Sanchez Mesa wrote:
    > > > /home/joe/access_list <--- Access list for Joe's .htaccess files
    > > > /home/tim/public_html/file_add.php <-- Some script Tim has in his directory
    > > >
    > > If you set open_base_dir value to '/home/tim/public_html/', the PHP
    > > executed in this vhost, can't access any directory/file below it.
    >
    > I understand this. However, I don't see that this helps reading/writing
    > to home directories. I really want home directories to be owned by the
    > ``correct'' person and not all by the www user.
    >
    > Maybe I'm jumping the gun and assuming you are trying to answer my
    > question when you're not -- sorry if this is the case ;)
    >
    > -lewiz.

    If you are only going to allow access to the webserver through a
    particular language, such as PHP or CGI, then either suPHP or suexec
    should work fine to setuid the Apache process to the user while the
    script is being run.

    However, if you will be using Apache in a normal fashion, where users
    can run PHP scripts, CGIs, etc., then you'll want to take a look at
    something that provides a setuid function higher up in Apache's
    pipeline. There is the per_child module, which ships with Apache 2.x,
    but it is still in the "experimental" branch and I've heard that the
    project was abandoned or has stalled. There is another project that has
    branched off of it but I cannot recall its name. If you ask on the
    apache-modules@covalent.net list, there are people who know (probably on
    this list too).

    We had a similar need with one of our products and ended up writing our
    own module that setuid the Apache process to a user that was tied to a
    virtual host. The process would then handle the request as the
    specified user, executing PHP, browsing, executing CGIs, etc. The
    module has so far worked really well and we might be releasing it as
    Open Source in the near future.

    -- 
    Justin Hopper  <jhopper@bsdhosting.net>
    UNIX Systems Engineer
    BSDHosting.net
    Hosting Division of Digital Oasys Inc.
    http://www.bsdhosting.net
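
The thread asks for scripts to run as the user who owns the home directory. A wrapper that switches uid first has to decide whether the target script is safe to run as that user. The sketch below is an added example, not part of the original message and not Apache's or the poster's code; it is a reduced version of the kind of checks the suEXEC documentation describes. `check_target`, the result names and the `min_uid`/`min_gid` policy values are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Result codes for the pre-exec check (illustrative names). */
enum check_result {
    CHECK_OK = 0,
    ERR_LOW_ID,      /* uid/gid below site minimum (root, system accounts) */
    ERR_STAT,        /* target missing or unreadable */
    ERR_NOT_FILE,    /* symlink, directory or device instead of a file */
    ERR_WRONG_OWNER, /* script not owned by the user it would run as */
    ERR_WRITABLE,    /* group- or world-writable: others could edit it */
    ERR_SETID        /* setuid/setgid bit set on the script */
};

/* Decide whether `path` may be executed as (uid, gid).
 * min_uid/min_gid are site policy chosen by the admin (assumed values).
 * lstat() is used so a symlink to another user's file is rejected. */
enum check_result check_target(const char *path, uid_t uid, gid_t gid,
                               uid_t min_uid, gid_t min_gid)
{
    struct stat st;

    if (uid < min_uid || gid < min_gid)
        return ERR_LOW_ID;
    if (lstat(path, &st) != 0)
        return ERR_STAT;
    if (!S_ISREG(st.st_mode))
        return ERR_NOT_FILE;
    if (st.st_uid != uid || st.st_gid != gid)
        return ERR_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return ERR_WRITABLE;
    if (st.st_mode & (S_ISUID | S_ISGID))
        return ERR_SETID;
    return CHECK_OK;
}

/* Demo: check argv[1] against the calling user, with no id minimum. */
int main(int argc, char **argv)
{
    if (argc < 2)
        return EXIT_FAILURE;
    enum check_result r = check_target(argv[1], getuid(), getgid(), 0, 0);
    printf("%s: result %d\n", argv[1], r);
    return r == CHECK_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

A real wrapper would run these checks before calling setgid() and setuid(), and would also check the containing directory.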
    
