Hi,
I would like to know if there's any PHP suexec to let user's page
running as his/her UID? Thanks.
--
Johnson Chow
by Mr. Chow Wing Si » Sat, 18 Aug 2001 23:53:05
I would like to know if there's any PHP suexec to let user's page
running as his/her UID? Thanks.
--
Johnson Chow
by Nikola Milutinovi » Sat, 18 Aug 2001 14:49:02
SuEXEC can work only on CGI programs (why do we call these things CGIQuote:> Hi,
> I would like to know if there's any PHP suexec to let user's page
> running as his/her UID? Thanks.
Would it be possible, in some distant future, to tell Apache to run under
the user-owner of the virtual host? That would be most logical for me. That
would require main Apache process to be root, which does open some space for
buffer overflows. OTOH, Apache would be root for the minimal time, just
enough to determine which VirtualHost it should be and switch to it. I
realize this "minimal" time might be long from Apache's point of view.
Nix.
by Joshua Sliv » Sat, 18 Aug 2001 23:15:26
On the other hand, Apache 2.0 has an experimental "MPM" called
"perchild" which will keep a pool of processes running under
different userids, and will pass requests to the appropriate
process.
--
Joshua Slive
http://slive.ca/
by Nikola Milutinovi » Tue, 21 Aug 2001 14:53:50
> That's not the real problem. The problem is that once Apache switches
> from root to the other userid, it must give up all ability to switch
> back to root. Therefore, the process would only be able to serve
> that one request before dying. This would vastly slow down the
> server, since creating new processes is very expensive.
So, will Apache 2.0 work the way I described? Can you setup something like:Quote:> On the other hand, Apache 2.0 has an experimental "MPM" called
> "perchild" which will keep a pool of processes running under
> different userids, and will pass requests to the appropriate
> process.
NameVirtualHost 192.168.61.16:80
<VirtualHost 192.168.61.16>
ServerName Mercury.ev.co.yu
DocumentRoot /usr/users/mercury/public_html
ErrorLog /usr/users/mercury/logs/error.log
CustomLog /usr/users/mercury/logs/access.log common
User mercury
Group httpd
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/usr/users/mercury/cgi-bin/"
</IfModule>
</VirtualHost>
And then all requests for http://Mercury.ev.co.yu/... would be directed to
the process with UID=mercury? And that process would be bound to serve
*that* particular virtual server?
Nix.
by Joshua Sli » Tue, 21 Aug 2001 23:10:55
Joshua.
I have a running Apache server with PHP compiled as module. Suexec
works, as I can see from my log file.
Now the problem: My PHP-script needs to create subdirs under
/usr/local/httpd/htdocs, so I tried suexec. The script is in
document_root, owner is a normal user, group and world can read and
execute, but not write. But the script does not work (mkdir - permission
denied). The user himself can create the subdirs, so I guess the script
is not run by the suexec-wrapper.
Any help greatly appreciated.
2. difference in [ and [[ in ksh
4. something like loadkeys for X
7. Apache + SUEXEC + PHP = Question
10. RewriteRule for suexec and php
11. suEXEC, PHP, virtual hosts, security, permissions
12. Apache w/ PHP and SSL: w/ PHP OK - w/out PHP NOK
13. suEXEC / non suEXEC performance