Re[2]: apache suEXEC wrapper on 7.2

Hello Stephen,

Thursday, January 31, 2002, 10:04:37 PM, you wrote:

SW> Thanks, I guess I'm a little confused. What I needed to do is
SW> have some virtual IP web servers run with a different user / group
SW> than the web user / group apache apache for those virtual spots
SW> only.

We do this all the time.  It's a very good idea if you have VHOSTs
who use their own Perl/CGI scripts.

SW> The problem I'm trying to overcome is some of our developers
SW> do CGI send mail and in the CGIs they use send mail and the
SW> mail bounces it then gets returned to the apache user in to term me.

SW> So it's hard to say where it came from or who was responsible for
SW> not setting the return address in when they open sendmail.
SW> It's more of a concern if I am trying to track one of our developers
SW> that did something bad in a CGI via their virtual web account.

Using suEXEC, you'd still end up receiving these emails most of the
time, but they would show [virtuser]@server.com instead of
[nobody]@server.com.  So, you would be able to figure out who
generated the email(s).

SW> So I thought setting up a user / group of their own in apache
SW> would do the job so I ended up trying to use suexec. But could not
SW> get it to work and the suexec gets an error about the CGI
SW> "error: command not in docroot" so I guess suexec expects
SW> the html & cgi in the same directory, not as we usually
SW> have in html dir and the cgi-bin parent of it.

suEXEC is compiled with a specific "docroot" that is deemed to be
"safe".  If your developers' "Web" directories all have a common parent
dir, you can recompile suEXEC to accommodate this.  We run our VHOSTs
with a directory structure of /home/vhost.com with cgi-bin and htdocs
as subdirs.  As long as a suEXEC-monitored VHOST doesn't try to
execute a script outside of /home/vhost.com/, there are no problems.

If you want to send me a bit more info wrt your Apache version and
common parent dir for your suEXEC-monitored VHOSTs, I can recompile
suEXEC and send you an updated binary sometime early next week.  It's
a fairly trivial process, and you could probably do it yourself if you
wanted to give it a shot.

Best regards,
 Brian Curtis
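
An added example, not part of the original message and not suEXEC's own source: a C sketch of the containment test behind "command not in docroot", plus a helper that finds the narrowest common parent of several CGI directories to use as the compiled-in docroot. The function names and every path except /home/vhost.com are constructed for illustration, and paths are assumed to be canonical and absolute.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if dir equals docroot or lies below it, else 0.
 * Both are assumed to be canonical absolute paths (what getcwd() yields).
 * The match must end on a path-component boundary, so "/home/vhost.com-old"
 * is not treated as being inside "/home/vhost.com". */
int in_docroot(const char *docroot, const char *dir)
{
    size_t n = strlen(docroot);
    if (n == 0 || docroot[0] != '/' || dir[0] != '/')
        return 0;
    while (n > 1 && docroot[n - 1] == '/')   /* ignore trailing slashes */
        n--;
    if (strncmp(dir, docroot, n) != 0)
        return 0;
    return n == 1 || dir[n] == '\0' || dir[n] == '/';
}

/* Write the narrowest directory containing every entry of dirs[] to out.
 * Returns 0 on success, -1 on bad input (hypothetical helper). */
int common_parent(const char **dirs, size_t count, char *out, size_t outlen)
{
    if (count == 0 || dirs[0][0] != '/' || strlen(dirs[0]) >= outlen)
        return -1;
    strcpy(out, dirs[0]);
    for (size_t i = 1; i < count; i++) {
        if (dirs[i][0] != '/')
            return -1;
        while (!in_docroot(out, dirs[i])) {
            char *slash = strrchr(out, '/');
            if (slash == out) { out[1] = '\0'; break; }  /* reached "/" */
            *slash = '\0';                               /* drop last component */
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample layout, modelled on /home/vhost.com from the message. */
    const char *cgi_dirs[] = { "/home/vhost.com/cgi-bin", "/home/example.org/cgi-bin" };
    char docroot[256];
    if (common_parent(cgi_dirs, 2, docroot, sizeof docroot) == 0)
        printf("narrowest usable docroot: %s\n", docroot);
    printf("/var/www/cgi-bin under /var/www/html? %d\n",
           in_docroot("/var/www/html", "/var/www/cgi-bin"));
    return 0;
}
```

The directory it reports is the value to pass as the docroot when rebuilding suEXEC (`--suexec-docroot` in Apache 1.3's configure, `--with-suexec-docroot` in 2.x); keeping it as narrow as the layout allows limits which scripts suEXEC will agree to run.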

