Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 15 Nov 2001 12:15:03 +0100
From:      "Anthony Atkielski" <anthony@atkielski.com>
To:        "Dmitry Mottl" <dima@sinp.msu.ru>, <freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: Apache question
Message-ID:  <008001c16dc6$ca418bd0$0a00000a@atkielski.com>
References:  <3BF3A166.2090009@sinp.msu.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
What exactly do you mean when you say that virtual hosts must have "no access to
each other"?

----- Original Message -----
From: "Dmitry Mottl" <dima@sinp.msu.ru>
To: <freebsd-questions@FreeBSD.ORG>; <freebsd-security@FreeBSD.ORG>
Sent: Thursday, November 15, 2001 12:05
Subject: Apache question


> Hi, All
>
> I have to configure www virtual hosts under Apache
> and I need that all virtual hosts have NO access (through cgi execution) to
each
> other.
>
> Is it good to start up proxy on 80 and
> about 100-300 backend httpd (each under it's own uid and gid),
> which will be paged in (from swap) if connection is requested.
>
> Is there a better solution?
>
> It seems that suexec apache mechanism will no help,
> cause I have to give hosters GID to access there files,
> so I can't specify properly permissions due to UNIX file security (uuugggooo).
> In this case I need to choose if GID=wwwguest or GID=hoster
>
> May be to set up a patch to use UFS extended attributes? (www.trustedbsd.org)
> I'm using FreeBSD 4.4-RELEASE
>
> --
> best regards,
> Dmitry Mottl
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008001c16dc6$ca418bd0$0a00000a>