You are a brave soul.  I dont know of any place that allows untrusted users to
execute any script.  But, I know it has been done with some amount of security.  I
dont know how to implement it myself, but ask the guy at www.fuzzymonkey.org for
some advice.  I Think he has some experience in it.

Jay

-----Original Message-----
From: tclug-list-admin at mn-linux.org
[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Jason Jorgensen
Sent: Tuesday, July 31, 2001 10:50 AM
To: tclug-list at mn-linux.org
Subject: [TCLUG] Homedir web server


We have a webserver for our users personal web space. I am interested in
what you all have done in locking down your users personal web space. We
are allowing cgi's and it concerns me.

The users directories are all owned by the same user, the user does not
have a real account on the box. We are using the virtual user proftp
stuff so that real users arent needed. As a consequence I cant use
apache's SUexec since it would try to run the .cgi as a user that doesnt
really exist. I was thinking it might be possible to chroot apache and
provide a seperate version of perl inside the apache chroot'd area. If
that would work I wouldnt have to worry about permissions and other
things on the box. But for some reason I dont think it would work.

Advice appreciated.


_______________________________________________
tclug-list mailing list
tclug-list at mn-linux.org
https://mailman.mn-linux.org/mailman/listinfo/tclug-list