Date: Thu, 15 Nov 2001 12:15:03 +0100 From: "Anthony Atkielski" <anthony@atkielski.com> To: "Dmitry Mottl" <dima@sinp.msu.ru>, <freebsd-questions@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG> Subject: Re: Apache question Message-ID: <008001c16dc6$ca418bd0$0a00000a@atkielski.com> References: <3BF3A166.2090009@sinp.msu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
What exactly do you mean when you say that virtual hosts must have "no access to each other"? ----- Original Message ----- From: "Dmitry Mottl" <dima@sinp.msu.ru> To: <freebsd-questions@FreeBSD.ORG>; <freebsd-security@FreeBSD.ORG> Sent: Thursday, November 15, 2001 12:05 Subject: Apache question > Hi, All > > I have to configure www virtual hosts under Apache > and I need that all virtual hosts have NO access (through cgi execution) to each > other. > > Is it good to start up proxy on 80 and > about 100-300 backend httpd (each under it's own uid and gid), > which will be paged in (from swap) if connection is requested. > > Is there a better solution? > > It seems that suexec apache mechanism will no help, > cause I have to give hosters GID to access there files, > so I can't specify properly permissions due to UNIX file security (uuugggooo). > In this case I need to choose if GID=wwwguest or GID=hoster > > May be to set up a patch to use UFS extended attributes? (www.trustedbsd.org) > I'm using FreeBSD 4.4-RELEASE > > -- > best regards, > Dmitry Mottl > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008001c16dc6$ca418bd0$0a00000a>