> If you run your own server, you can set it up so that each webmaster is
> locked into a private environment, but it's messy.  According to me, you
> would need a separate copy of apache for each site, each running under a
> different user, and they would need to run on separate ports, which is a
> nuisance.

It's called SuEXEC in Apache and compiled in the core of Apache, it's not a

What it does, it allows Apache to use the Group and User directives inside
virtual hosts.

For example:

<VirtualHost whatever>
  DocumentRoot /blah
  User cust001
  Group cust001

In this case, all files in /blah would be owned by cust001:cust001 and
permissions as strict as 0600 can be given on the files in the directory.
Apache's processes serving requests on this virutal host, will drop
permissions to user and group cust001 as specified in the configuration, so
apache would have access to read it.

In other virtualhosts, either the default user / group is used, or they are
specified uniquely in a per-virtualhost basis.  The other virtual hosts will
thus run with different uid/gid meaning that other virtualhosts will not be
able to include code in other virtualhosts, even when they know the paths.

Because Apache drop permissions to the user/group specified, they will not
have access to read/write/execute the included filename in a different


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to