I would only open that up to users that specifically request it. Allowing people to run cgi-bin directories has a huge potential for causing major heartache--I should know, one of the boxes I admined did have that enabled by default and I ended up having to re-install after a user script ended up crashing the machine (some type of memory leak problem I think).
If it's not currently disabled (which it's not in the default apache configs for Mandrake 9.0 (not sure about 8.2)), then you need to disable it, and then only enable it for those users who specifically request it. Michael -- Michael Viron Core Systems Group Simple End User Linux At 11:15 AM 2/25/2003 +0000, Nicholas Brown wrote: >After look at closer I found this in the default >/etc/httpd/conf/commonhttpd.conf > ><Directory /home/*/public_html/cgi-bin> > Options +ExecCGI -Includes -Indexes > SetHandler cgi-script ></Directory> > >So it would appear that a user CAN use cgi scripts by default, aslong as the >are placed in /home/*/public_html/cgi-bin > >thanks away, >Nick > >On Tuesday 25 Feb 2003 7:00 am, Vincent Danen wrote: >> On Sun Feb 23, 2003 at 12:09:50PM +0000, Nicholas Brown wrote: >> > I'm using a basic install of Mandrake 9.0. I've installed the apache >> > RPMs. Using the default mandrake apache config I figured out that if I >> > want to have a website as a user I need to create a ~/public_html >> > directory. This works just fine (I've created a basic index.html page, >> > that appears when I browser to http://localhost/~nick/ ) >> > But my question is where does a user put cgi scripts? >> > Do they need to create a particular directory? or do I need to alter the >> > default mandrake apache config files in some way? >> >> Good grief... don't give users access to put CGI scripts on the system. >> That's a security headache waiting to happen. >> >> If you really want to do it, you'll need to modify the apache configs. >> There's no way we would have something so dangerous in there by default. > >-- ><[EMAIL PROTECTED]> IOS Development UK, Cisco > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
