From: "John Brooks"
Subject: RE: web hosting, what ftp to use?
Date: Mon, 31 Jul 2000 14:55:25 -0500
Message-ID: <000f01bffb29$48b64940$0b00a8c0@dle>
Sender: owner-freebsd-isp@FreeBSD.ORG

Instead of allowing cgi-bin access to the customer, what about supplying
PHP and chroot the FTP access to just apache's document root for the
virtual domain of that particular customer?

Is that a workable option?

jb

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of James Wyatt
Sent: Monday, July 31, 2000 2:34 PM
To: Veaceslav Revutchi
Cc: freebsd-isp@freebsd.org
Subject: Re: web hosting, what ftp to use?

On Mon, 31 Jul 2000, Veaceslav Revutchi wrote:
> Thanks everyone for sharing your experience with me!
>
> I have one more question about cgi. I was thinking about giving
> ftp access for each user to its own cgi directory but then
> I won't be able to control the contents of their scripts.
> What would be a wise procedure to allow users to update their
> cgi stuff?
>
> thanks again very much,
> slava revutchi

You might *seriously* look at a jail or chroot approach.
There have been several web servers hacked when folks uploaded scripts
that allowed them to do things like search for broken suid programs,
read world-readable files with config info, etc... You should also
provide some simple scripts users can clone/modify to cut down on
support calls and provide hints to approach forms, etc... You should
also look into using FreeBSD's login limitations on your server account -
but there are *much* better experts around here than I on doing so.

- Jy@

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
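
An added example, not part of the original thread: a small audit an administrator can run over a customer tree (or the inside of a chroot or jail) to list the two things the reply above warns about, set-id programs and world-readable files holding config info. The function names and the file-name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory tree for
#   1. set-uid / set-gid regular files, and
#   2. config-like files that are readable by "other".
# The name patterns in step 2 are assumptions; adjust them to your site.

audit_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_tree: $root is not a directory" >&2
        return 2
    fi

    # Step 1: anything under the tree that runs with someone else's
    # privileges. -xdev keeps find on the same filesystem.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID /'

    # Step 2: files that look like they hold configuration or passwords
    # and carry the "other read" bit, so any user's script can open them.
    find "$root" -xdev -type f -perm -0004 \
        \( -name '*.conf' -o -name '*.cfg' -o -name '*.ini' \
           -o -name '.htpasswd' -o -name '*passwd*' \) -print |
        sed 's/^/WORLD-READABLE /'
}

# Returns 0 when the tree has no findings, 1 when it has some,
# 2 when the tree could not be audited at all.
audit_clean() {
    findings=$(audit_tree "$1") || return 2
    [ -z "$findings" ]
}

# Stand-alone use: sh audit.sh /path/to/customer/root
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it against each customer's upload area after a change in permissions policy; an empty result means neither condition was found under that tree.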