From owner-freebsd-isp@FreeBSD.ORG  Tue Jul 29 10:12:57 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 330DB37B401
	for <freebsd-isp@freebsd.org>; Tue, 29 Jul 2003 10:12:57 -0700 (PDT)
Received: from ns.aces.pt (ns.aces.pt [195.22.10.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 880CA43F93
	for <freebsd-isp@freebsd.org>; Tue, 29 Jul 2003 10:12:53 -0700 (PDT)
	(envelope-from marco@aces.pt)
Received: from marco (nor098.esoterica.pt [195.22.19.98] (may be forged))
	by ns.aces.pt (8.10.2/8.10.2) with SMTP id h6TH7UZ22071
	for <freebsd-isp@freebsd.org>; Tue, 29 Jul 2003 18:07:32 +0100
Message-ID: <007d01c355f4$8e54a900$6b026b83@marco>
From: Marco Gonçalves <marco@aces.pt>
To: "FreeBSD ISP List" <freebsd-isp@freebsd.org>
Date: Tue, 29 Jul 2003 18:12:04 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_0079_01C355FC.EA2BBB80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: Virtual Hosting Security
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2003 17:12:57 -0000

This is a multi-part message in MIME format.

------=_NextPart_000_0079_01C355FC.EA2BBB80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear ISP colleagues,

We are running a couple of servers with FreeBSD that are serving multiple
domains (virtual hosting), running all common services (web, email, DNS,
FTP, etc.).

We run Apache as www user and www group and the common layout for the
web directory is

/home/user1/www/
/home/user2/www/
/home/user3/www/

where the permissions on each home directory (user1, user2, etc.) are

r-xrwx---    www   usergroup

Apache can enter the directory, and so can members of the user's group.
So we can give SSH access to users, and each user can only enter his own
directory and cannot browse other users' directories.

The problem is that we offer PHP4 as mod_php4 for Apache, and even
though we haven't had any problems (yet), in theory it is easy to set up
a PHP script using filesystem functions to run, list and view file
contents of other users... because the script is running as the www user
and this user has permission to enter/read all users' www directories...
How can I fix this? Must I use suexec? Does it run properly? Do I have to
run PHP as CGI only? What is the tradeoff in performance?


Another thing (maybe this should be in a separate email...): we are
developing our own control panel, and for system passwords we are using a
PHP script that uses poppassd on port 106, which does all the work. The
problem is that I have to run poppassd from inetd, and this sucks,
especially because it's the only service that I need inetd for... Can I
run it from tcpserver? How? Where can I find good info on this (the
documentation on DBernstein's site really sucks for a not-so-experienced
sysadmin like me)? Is it safe (poppassd, I mean)?


Well, sorry for this huge mail and thanks in advance for all answers.

Best Regards,

Marco Gonçalves
Head of Development
marco.goncalves@aces.pt

---------------------------------------------------------------------------------
       Lisboa / Sul
      Rua de São José, 149/159, Pisos 2 e 3
      1169-115 Lisboa
      Número Único: 707 22 10 40
      Fax 21 342 18 03
      www.aces.pt

---------------------------------------------------------------------------------
------=_NextPart_000_0079_01C355FC.EA2BBB80--
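
The isolation gap described in the message, as an added example that is not part of the original post: a small model of the POSIX owner/group/other check applied to the r-xrwx--- layout, showing which principals can enter which home directories. The per-account group names and the principal table are constructed assumptions (the message only says "usergroup").

```python
"""Model the POSIX permission check for the /home/userN layout in the message."""

# Constructed sample data: every home directory is owned by www, grouped to the
# account's own group, with mode r-xrwx--- (0o570). Group names are assumptions.
HOMES = {
    "/home/user1": ("www", "user1grp", 0o570),
    "/home/user2": ("www", "user2grp", 0o570),
    "/home/user3": ("www", "user3grp", 0o570),
}

# Constructed principals: process user -> groups it belongs to.
PRINCIPALS = {
    "user1": {"user1grp"},
    "user2": {"user2grp"},
    "www": {"www"},  # Apache, and therefore every mod_php script, runs as www
}

def can_enter(user, groups, owner, group, mode):
    """Select exactly one permission class (owner, else group, else other)
    and require both read and execute, i.e. list and traverse the directory."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & 0o5 == 0o5

def access_matrix():
    """Map each principal to the home directories it can enter."""
    return {
        user: sorted(path for path, (owner, group, mode) in HOMES.items()
                     if can_enter(user, groups, owner, group, mode))
        for user, groups in PRINCIPALS.items()
    }

def cross_tenant_principals():
    """Principals that can enter more than one customer's home directory."""
    return sorted(u for u, paths in access_matrix().items() if len(paths) > 1)

if __name__ == "__main__":
    for user, paths in access_matrix().items():
        print(f"{user:6} -> {paths}")
    print("crosses tenant boundaries:", cross_tenant_principals())
```

Shell users are confined to their own directory, while the shared www identity is the only principal that crosses every boundary, which is why per-user execution of scripts is the question the message raises.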