List:       suse-security
Subject:    Re: [suse-security] Users' WWW servers setup
From:       Robert Davies <rob_davies () ntlworld ! com>
Date:       2002-02-01 11:48:49

On Friday 01 February 2002 07:44, Kurt Seifried wrote:
> Cool. Can I buy an account? hint: server side includes, suexec...... Really
> really bad idea to let users modify a config for something that starts life
> running as root. Plus I could "steal" other users' sites possibly, break

Agreed, so why not let them have their config file, and just assign a port to 
them, to run their own copy of Apache which they start themselves.

> the config, etc. Keep the conf files in a location only you can modify (why
> the heck would you let users modify their stuff anyways?).

Well I had web developer types, and they had this strange idea, that they 
needed to hack config files for stuff, in order to do work.  Using the user 
owned httpd process at least meant they didn't have access to root password, 
or the account through more devious means.

Rob
