Cliff Wells wrote: > On Wed, 2003-04-02 at 13:43, John Nichel wrote: > > Cliff Wells wrote: > > > Fine. Discount *all* my suggestions ;) > > > > > > However, consider the pros and cons: > > > > > > Firing Bob: > > > - Easy. > > > - Indicates a decisive nature. Your boss will like that. > > > > > > Working around group limit: > > > - Hard. > > > - Will make you look bad while you search for a solution. > > > > > > Also, you should try to focus on Bob's annoying traits for a while, as > > > it will help you come to an unbiased conclusion. > > > > If Bob wasn't such a waste of space, we wouldn't have this problem. Why > > does he have to access so much????? Next thing you know, he'll want > > root. Bob, you're a twerp, and deserve to be put out on the street. > > > Since we're finally bringing this out in the open, I have to admit I > never liked Bob anyway. I think his "needing access" to Emma's files is > just a ploy to get close to her. That just gives me the creeps. What's > next? Rummaging through her trash can? Where will it end? Bob's > clearly a stalker and must be stopped. >
:-) I thought I descriebed the problem pretty good using Bob and Emma. Well, sadly there is a more serious background to my problem. In my case Bob is the apache webserver. I installed a new server which should host just a small number of virtual sites. The customers should be able to use cgi scipts. The problem is that cgi's are executed with the rights of the apache, which would mean every virtual site could read all data out of all other virtual sites. That is why I use cgiwrap, which executes a cgi script with the owner/group of the file. So I gave every virtual site an own group and put apache in that group and chmoded the directory and files to e.g. 770. This way apache can read the directories (virtual sites documentroot), which of course is necessary, but users of one virtual site can't read via cgi script the contents of other virtual sites. Now I got the problem that if I put apache in yet another group (I guess apache would be in 33 then), it just is ignored and apache dosn't have permission to read the web directory of a new virtual site. Cheers Denis Jacobi -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
