Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 4 Jan 2003 20:07:15 -0500 (EST)
From:      Jim Weeks <jim@jwweeks.com>
To:        Adrian NoSpm! <adrian_nospm@hotmail.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: how do you have seperate UIDs for each frontpage web?
Message-ID:  <20030104194543.J11824-100000@veager.jwweeks.com>
In-Reply-To: <F94iA8K6Kckbu3QCJ7h00013439@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Fri, 3 Jan 2003, Adrian NoSpm! wrote:

> What are the security consequences of having
> all the file files owned by fpuser and writable
> by that group?

Hi Adrian,

Sorry I was late in getting back to you.  Their shouldnt be a security
problem as long as fpuser is an unprivileged user, ie /sbin/nologin.  In
fact I have a web site offering free 30 days hosting for frontpage only
accounts.  The idea is to give the individual an opportunity to see if web
site authoring with frontpage is realy for them.  I wrote a script that
sets up each account as a subdomain of xxxxxx.com  and they are all
owned by the same unprivileged user.  Belive me, I have had people sign up
for an account that had nothing more in mind than to break into the
server.  Not to say it couldn't happen, but so far so good.  Offering
access only through frontpage seems to limit the possibilities.

I have to say that I am completely puzzled by your situation.  When any
of the above mentioned users actually upgrade to a paid account, I simply
create the new account, cp -Rp the old directory to the new user account,
chown -R and chgrp -R the whole fp directory.  I then copy
/usr/local/frontpage/user.xxxxxx.com:80.cnf >
/usr/local/frontpage/thierdomain.com:80.cnf, and every thing continues to
work as before.

You didn't mention, but are you by any chance trying to use apache
suexec in additon to frontpage?  This can definitely cause a conflict.

--
Jim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030104194543.J11824-100000>