|
 |
apache_server thread: Apache User/Group Configuration - Not chroot
Message #1 by "Paul Laudanski" <laudanp@y...> on Sun, 9 Feb 2003 08:29:23
|
|
I don't want to go down the chroot path. So here is my question, I'd like
to create the paths:
/www/user1/public_html
/www/user2/public_html
/www/user3/public_html
With each virtual server's document root set to their relative public_html
path. But instead of running apache as nobody, I'd like to have it run
respectively as user1, user2, and user3. This way I could set the various
userx folders to 0770 so no one can access them except Apache, the owner,
and the group.
Is this possible?
Message #2 by "Daniel Walker" <danielw@g...> on Mon, 17 Feb 2003 17:54:01
|
|
Not using a standard edition of apache, no. The HTTP daemon runs as nobody
_because_ "nobody" has no rights on the system. This sandboxes the process
and makes it impossible to hijack it, to carry out malicious operations on
the host. Remember that, across hypertext, the idea of a Unix permissions
system has no meaning: all users are anonymous. In the WierdOS NT world
they actually have a user they call "IUSER_machinename", that they use to
identify this anonymous web-user to the system: it's an alias for their
version of nobody.
Daniel Walker
glasshaus Support
http://www.glasshaus.com
glasshaus books: labor saving devices for web professionals
> I don't want to go down the chroot path. So here is my question, I'd
like
t> o create the paths:
> /www/user1/public_html
/> www/user2/public_html
/> www/user3/public_html
> With each virtual server's document root set to their relative
public_html
p> ath. But instead of running apache as nobody, I'd like to have it run
r> espectively as user1, user2, and user3. This way I could set the
various
u> serx folders to 0770 so no one can access them except Apache, the owner,
a> nd the group.
> Is this possible?
|
|
|
View Cart
