Suexec with Apache 1.3.29
mikkel at talkactive.net
Fri Apr 30 00:58:50 PDT 2004
On Thursday 29 April 2004 19:54, Mikkel Christensen wrote:
> On Thursday 29 April 2004 18:20, Marty Landman wrote:
> > At 01:13 PM 4/29/2004, Mikkel Christensen wrote:
> > >On Thursday 29 April 2004 14:22, Marty Landman wrote:
> > That said, the constraint
> > that you point out is imposed by suexec is that the id owning that file
> > must also own all the applications that have any access to that file.
> > Unless you deem fit to make the file world readable, writeable, or executable.
> Technically if no other other users tha www itself is member of the www group I find the more sophisticated way of setting permissions you gain would be more important.
> It is my believe that suexec by being too paranoid removes some great configuration options. Some options that I would personally prefer.
> But of course this is my oppinion and i'll bet the people who maintain suexec disagree:)
Hmm may there is a way to get what I want.
If apache's user is add'ed to all the groups that the users are member of this would work.
Eg. user1 is member of the group user1.
So is the www-user.
Now setting permissions 644 would give access to everyone.
Setting permissions 640 would deny all other users on the server access to the files.
Setting permissions 600 would completely deny everyone from reading the files.
This is what I wanted from the beginning. Setting www as group owner of the files would be a lot easier in my oppinion than adding the www-user so every user's group.
But it will do. Now I'm happy:-)
More information about the freebsd-questions