From: Mikkel Christensen
Organization: Talk|Active
To: freebsd-questions@freebsd.org
Date: Fri, 30 Apr 2004 07:58:47 +0000
Subject: Re: Suexec with Apache 1.3.29

On Thursday 29 April 2004 19:54, Mikkel Christensen wrote:
> On Thursday 29 April 2004 18:20, Marty Landman wrote:
> > At 01:13 PM 4/29/2004, Mikkel Christensen wrote:
> > >On Thursday 29 April 2004 14:22, Marty Landman wrote:
> > That said, the constraint
> > that you point out is imposed by suexec is that the id owning that file
> > must also own all the applications that have any access to that file.
> > Unless you deem fit to make the file world readable, writeable, or executable.
>
> Technically if no other users than www itself is a member of the www group I find the more sophisticated way of setting permissions you gain would be more important.
> It is my belief that suexec by being too paranoid removes some great configuration options. Some options that I would personally prefer.
> But of course this is my opinion and I'll bet the people who maintain suexec disagree:)
>

Hmm, maybe there is a way to get what I want.
If apache's user is added to all the groups that the users are members of, this would work.
E.g. user1 is a member of the group user1. So is the www-user.
Now setting permissions 644 would give access to everyone.
Setting permissions 640 would deny all other users on the server access to the files.
Setting permissions 600 would completely deny everyone from reading the files.
This is what I wanted from the beginning.
Setting www as group owner of the files would be a lot easier in my opinion than adding the www-user to every user's group. But it will do.
Now I'm happy:-)

- Mikkel
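
The three modes discussed in the message above, worked through as an added example that is not part of the original post: a model of the POSIX read check (the first matching class of owner, group, other decides) applied to a file owned by user1:user1 with www added to group user1. The uids, gids and the unrelated account user2 are constructed for illustration, and the superuser bypass is not modelled.

```python
import stat


def can_read(mode, file_uid, file_gid, uid, groups):
    """POSIX read check: only the first matching class is consulted."""
    if uid == file_uid:
        # Owner bits decide, even if group/other bits are more permissive.
        return bool(mode & stat.S_IRUSR)
    if file_gid in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


# Constructed accounts (assumptions, not from the post):
# the file is owned by user1 with group user1 (uid/gid 1001).
FILE_UID, FILE_GID = 1001, 1001
PRINCIPALS = {
    "user1": (1001, {1001}),     # file owner
    "www": (80, {80, 1001}),     # Apache's user, added to group user1
    "user2": (1002, {1002}),     # unrelated account on the same server
}


def read_matrix(modes=(0o644, 0o640, 0o600)):
    """Map each mode to {account name: may read the file}."""
    return {
        mode: {
            name: can_read(mode, FILE_UID, FILE_GID, uid, groups)
            for name, (uid, groups) in PRINCIPALS.items()
        }
        for mode in modes
    }


if __name__ == "__main__":
    for mode, row in read_matrix().items():
        print(oct(mode), row)
```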