From owner-freebsd-security Thu Nov 15 3: 5:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from SRDMAIL.SINP.MSU.RU (bigking.sinp.msu.ru [213.131.9.130]) by hub.freebsd.org (Postfix) with ESMTP id E258F37B416; Thu, 15 Nov 2001 03:05:25 -0800 (PST) Received: from [194.220.213.239] (helo=sinp.msu.ru) by SRDMAIL.SINP.MSU.RU with esmtp (Exim 3.33 #3) id 164KJD-000Hwn-00; Thu, 15 Nov 2001 14:03:51 +0300 Message-ID: <3BF3A166.2090009@sinp.msu.ru> Date: Thu, 15 Nov 2001 14:05:10 +0300 From: Dmitry Mottl Organization: SINP MSU User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011004 X-Accept-Language: ru, en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Apache question Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, All I have to configure www virtual hosts under Apache and I need that all virtual hosts have NO access (through cgi execution) to each other. Is it good to start up proxy on 80 and about 100-300 backend httpd (each under it's own uid and gid), which will be paged in (from swap) if connection is requested. Is there a better solution? It seems that suexec apache mechanism will no help, cause I have to give hosters GID to access there files, so I can't specify properly permissions due to UNIX file security (uuugggooo). In this case I need to choose if GID=wwwguest or GID=hoster May be to set up a patch to use UFS extended attributes? (www.trustedbsd.org) I'm using FreeBSD 4.4-RELEASE -- best regards, Dmitry Mottl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message