From owner-freebsd-isp Sat Jan 4 17: 8:19 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E10C637B401 for ; Sat, 4 Jan 2003 17:08:17 -0800 (PST) Received: from stealth.siteplus.com (ns1.siteplus.com [66.129.2.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18EDB43EA9 for ; Sat, 4 Jan 2003 17:08:17 -0800 (PST) (envelope-from jim@jwweeks.com) Received: from veager.jwweeks.com (pcp03144169pcs.midval01.tn.comcast.net [68.59.246.106]) by stealth.siteplus.com (8.12.6/8.12.6) with ESMTP id h05182qh051610; Sat, 4 Jan 2003 20:08:02 -0500 (EST) (envelope-from jim@jwweeks.com) Date: Sat, 4 Jan 2003 20:07:15 -0500 (EST) From: Jim Weeks To: Adrian NoSpm! Cc: freebsd-isp@FreeBSD.ORG Subject: Re: how do you have seperate UIDs for each frontpage web? In-Reply-To: Message-ID: <20030104194543.J11824-100000@veager.jwweeks.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 3 Jan 2003, Adrian NoSpm! wrote: > What are the security consequences of having > all the file files owned by fpuser and writable > by that group? Hi Adrian, Sorry I was late in getting back to you. Their shouldnt be a security problem as long as fpuser is an unprivileged user, ie /sbin/nologin. In fact I have a web site offering free 30 days hosting for frontpage only accounts. The idea is to give the individual an opportunity to see if web site authoring with frontpage is realy for them. I wrote a script that sets up each account as a subdomain of xxxxxx.com and they are all owned by the same unprivileged user. Belive me, I have had people sign up for an account that had nothing more in mind than to break into the server. Not to say it couldn't happen, but so far so good. Offering access only through frontpage seems to limit the possibilities. I have to say that I am completely puzzled by your situation. When any of the above mentioned users actually upgrade to a paid account, I simply create the new account, cp -Rp the old directory to the new user account, chown -R and chgrp -R the whole fp directory. I then copy /usr/local/frontpage/user.xxxxxx.com:80.cnf > /usr/local/frontpage/thierdomain.com:80.cnf, and every thing continues to work as before. You didn't mention, but are you by any chance trying to use apache suexec in additon to frontpage? This can definitely cause a conflict. -- Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message