From owner-freebsd-security  Thu Nov 15  3:15:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from atkielski.com (atkielski.com [161.58.232.69])
	by hub.freebsd.org (Postfix) with ESMTP
	id 50B2A37B416; Thu, 15 Nov 2001 03:15:18 -0800 (PST)
Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fAFBFAB54323; Thu, 15 Nov 2001 12:15:10 +0100 (CET)
Message-ID: <008001c16dc6$ca418bd0$0a00000a@atkielski.com>
From: "Anthony Atkielski" <anthony@atkielski.com>
To: "Dmitry Mottl" <dima@sinp.msu.ru>,
	<freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
References: <3BF3A166.2090009@sinp.msu.ru>
Subject: Re: Apache question
Date: Thu, 15 Nov 2001 12:15:03 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

What exactly do you mean when you say that virtual hosts must have "no access to
each other"?

----- Original Message -----
From: "Dmitry Mottl" <dima@sinp.msu.ru>
To: <freebsd-questions@FreeBSD.ORG>; <freebsd-security@FreeBSD.ORG>
Sent: Thursday, November 15, 2001 12:05
Subject: Apache question


> Hi, All
>
> I have to configure www virtual hosts under Apache
> and I need that all virtual hosts have NO access (through cgi execution) to
each
> other.
>
> Is it good to start up proxy on 80 and
> about 100-300 backend httpd (each under it's own uid and gid),
> which will be paged in (from swap) if connection is requested.
>
> Is there a better solution?
>
> It seems that suexec apache mechanism will no help,
> cause I have to give hosters GID to access there files,
> so I can't specify properly permissions due to UNIX file security (uuugggooo).
> In this case I need to choose if GID=wwwguest or GID=hoster
>
> May be to set up a patch to use UFS extended attributes? (www.trustedbsd.org)
> I'm using FreeBSD 4.4-RELEASE
>
> --
> best regards,
> Dmitry Mottl
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message