On Mon, Jun 18, 2001 at 08:49:03AM -0500, Andy Zbikowski (Zibby) wrote:
> You could use cgiwrap to execute the cgi as the user owning the webspace
> instead of the webserver. First thing that comes to mind anyway.
>
> http://freshmeat.net/projects/cgiwrap/

As I understood the first post he doesn't actually have users on the
system (proftpd users in sql?) so that wouldn't work. What I would do is
probably run the webserver as nobody/nogroup and make sure that nothing
is writable by that user/group.
If on the other hand he has actual users on the system I would go for
suexec that comes with Apache.

just my $.02
-- 
Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/>
mod_pointer <http://stderr.net/mod_pointer>
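
An added example, not part of the original message: a Python check for the "nothing is writable by that user/group" condition described in the reply above. It applies only the classic owner/group/other mode bits (POSIX ACLs are not considered), and the function names and command-line arguments are assumptions of this example.

```python
import grp
import os
import pwd
import stat
import sys


def can_write(st, uid, gids):
    """Classic Unix check: exactly one of owner/group/other bits applies."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_by(root, uid, gids):
    """Return sorted paths under root that uid (with groups gids) can write.

    Assumes uid is not 0 (root bypasses mode bits) and ignores POSIX ACLs.
    """
    gids = set(gids)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself, then every non-directory entry in it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; nothing to report
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not used for access checks
            if can_write(st, uid, gids):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical script name): audit.py /var/www nobody nogroup
    root, user, group = sys.argv[1:4]
    uid = pwd.getpwnam(user).pw_uid
    gids = {grp.getgrnam(group).gr_gid}
    for path in writable_by(root, uid, gids):
        print(path)
```

An empty result for the document root and CGI directories means the server account cannot modify anything it serves; a writable directory in the output also means files can be created or replaced inside it.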