Apache and multiple Virtual Hosts best practices
Timothy Ha
linuxmail at yandex.ru
Thu Dec 16 23:36:55 UTC 2004
Sorry, I am still stuck with point 3. suphp seems to work with PHP as
CGI (a problem which suexec also solves). But since my PHP is a module
(or filter in Apache2), suphp doesn't help. PHP scripts can't write in
the user's directories.
So, I need help with current topic, too :-)
Timothy.
Timothy Ha wrote:
> Virtual hosting user may want to write to their directories, I think.
>
> Recently I stumbled with making up a relatively secure Apache virtual
> hosting installation. This is my solution to this moment:
>
> 1) users are Unix users at my server, they have FTP locked up in their
> home directories (ProFTPd has this option)
> 2) Apache httpd service runs with apache uid/gid. apache is member of
> each user's personal group, so the website is functioning
> 3) for scripts like PHP to write in user directories, I use suphp
> module (www.suphp.org) that runs php scripts with their owner's
> rights. So even if users know about other logins, they cannot just
> fopen("/home/otheruser/index.php", "r") to read something, because
> their script doesn't have the right.
> 4) for CGI scripts (Perl and other stuff), one can use suexec (one of
> my recent topics here), but I don't have CGI that write in
> directories, so I don't care.
>
> If anyone has a better solution, please write. I would be glad to know.
>
> Timothy
More information about the fedora-list
mailing list