Secure Environment

Anon

I have Apache 1.3.12 with newest PHP4. I have a VirtualHosting environment and want to allow the users of the VirtualHosts to execute own php3 applications.

I use CGIWrap for CGI applications and run them under different users. I would like this:

Run PHP scripts for each host as a different user
Secure PHP so that there is no access outside of DocumentRoot

Hope you have any idea

...darko

Anon

Darko Krizic wrote:

Run PHP scripts for each host as a different user
Then you need to use Apache's suEXEC system and run PHP as a CGI, unfortunately. Maybe in about ½ a year from now, there will be a version of Apache with which it's easier.

Do however consider fhttpd:
http://www.fhttpd.org/
I have no personal experiences with this web-server, but it supposedly makes it easier to run each virtual host as different users.

Secure PHP so that there is no access outside of
DocumentRoot
Go looking for information about "safe_mode".

Anon

if you are a careful reader and have compiled and installed your apache distro yourself then recompiling apache with suexec support isn't as hard as getting openssl/mod_ssl up and running - you are using https aren't you :-)

suexec background stuff can be found at http://www.apache.org/docs/suexec.html

The actual config/make/install stuff is at http://www.apache.org/docs/suexec_1_2.html

Anon

I don't know if this is a little late coming in for you, but I am using cgiwrap with my php scripts..

Compile php as a cgi, and put it where users can find it, then have have them copy it to their cgi-bin directory so cgiwrap can exec it.

They then create a .htaccess in their root web directories and put 2 lines in:
Action application/x-sphp /cgi-bin/cgiwrap/sturdee/php.cgi
AddType application/x-sphp .php

Then they can chmod their scripts to 700 or whatever they want, and they can exec them from http://www.yourserver.com/username/theirscript.php and it exec it through the wrapper..

Even though it's a tad late, hope it helped some..
Mike

Anon

Can php4 be run from suexec instead of cgiwrap. I'd like to run my php files like:

http://host.com/~thisuser/myphp.cgi

I've used suexec before and like the interface. But when I try to run the CGI version of php4 (and php3 for that matter) using this method I always get a server error. I can execute the php scripts from the command line JUST FINE.

An example script would be:
#!/usr/local/php/bin/php
<body><pre>
<? phpinfo() ?>

When I run this from the command line. I do get a phpinfo result. From the server, an error. When I strace this the trace indicates that the php program couldn't find the body of the script and segfaults.

--
jeffrey hundstad
jeffrey.hundstad@mankato.msus.edu