We use sbox, which is sorta like suEXEC, but can put ulimit, processor usage, and disk space usage limits on each script that runs, in addition to running as a particular user.
We use mod_rewrite so that the end user just calls their scripts as normal (http://somedomain.com/cgi-bin/myperlscript.cgi), and it actually calls sbox and runs as the owner of the myperlscript.cgi. Works marvelously, and our clients don't even know we're protecting them from themselves. =P
It's written by Lincoln Stein (contributing author to WebTechniques and other publications). He's always been very prompt to answer any questions I've had.
http://stein.cshl.org/software/sbox/
Eric
On Thursday 26 April 2001 14:03, Andrew Savory wrote:On Thu, 26 Apr, 2001 at 12:21 +0200, Russell Coker wrote: > What I want to do is have multiple virtual hosts with each virtual > host=20 having a different UID for running CGI-BIN scripts.
See http://httpd.apache.org/docs/vhosts/mass.html -- you may be able to do it with standard Apache config directives and possibly a little of mod_rewrite.
That page has no mention of how to dynamically chose UID's for accounts. I could possibly make it choose different cgi-bin directories dynamically and have a UID specified for each directory. But then instead of having to change my configuration for each web site I have to change it for each UID (which is just as much pain).
Thanks for the suggestion, but it doesn't seem to do what I need.
I want the cgi-bin for www.company.com to be run under the company.com account (which will be in LDAP). Then to create a new domain I put the FTP accounts for upload and the cgi-bin account into the LDAP server, upload the content (the FTP server creates the directory automatically) and then it all works!
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
