Apache suEXEC help - solved!
Tony Dietrich
td at transoft.demon.co.uk
Fri Feb 4 00:34:35 UTC 2005
On Thursday 03 Feb 2005 06:10, Ashley M. Kirchner wrote:
> Never mind, I figured it out. All users need to be defined under
> the docroot for suEXEC to work. That said, docroot (for suEXEC) does
> not need to be the same docroot for the main server's html pages.
>
> So, I now have a suEXEC docroot of /var/www/virtual and I have
> individual users' cgi-bin in there and then symlinked back to their
> actual $HOME space. Which brings me to my next question: do I leave
> that symlink owned by them, or by another user to prevent accidental
> deletion of it? (The files with it are still owned by the user so they
> can do whatever they want with them obviously, but the symlink itself...?)
no. give the symlinks to a control group, or apache. just give the user
permission to execute. The symlink is your part of the bargain you make when
you allow them to run certain scripts. Its only on lease to them to use, not
modify.
>
> Also, this poses a problem with quota as well. How do I take their
> cgi-bin folder into account when calculating quota usage?
One symlink won't upset you too much ..AFAIK, quota doesn't follow
symlinks ...
not too sure if it has a option to follow/not to follow links tho....
if it does follow them, then the content in the cgi-bin is static, so you can
easily give them that allowance .. after all, they are paying you extra for
those scripts aren't they?
If the files the scripts write get to be a problem, then the problem is for
the user, who should buy more space off you.
--
Tony Dietrich
-------------
The longer the title, the less important the job.
More information about the fedora-list
mailing list