Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
On 9 Jun 2003 at 17:59, Jon wrote:
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or
the likes.
- Jon
--
[EMAIL PROTECTED]
On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
On 9 Jun 2003 at 17:59, Jon wrote:
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or
the likes.
- Jon
--
[EMAIL PROTECTED]
On Tue, 10 Jun 2003 at 05:24:59PM +0200, Stefan Neufeind wrote:
Thank you for the information. Am I right that php-skripts then would
need an execute-bit set? Currently they don't have ...
They will be being treated like a normal binary file, so yes (that is,
if you want yours scripts to
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
On 6 Jun 2003 at 17:06, Wade Richards wrote:
On 06 Jun 2003 16:15:37 PDT, Jon writes:
I believe Apache would still be executing
On Mon, 09 Jun 2003 at 05:02:41PM +0200, Stefan Neufeind wrote:
does it work without problems with php? if you use as cgi-variant?
Think I tried this some time ago and ran into some probllems. Does it
work for your setup? How?
Here is the caviot: the O/S does not recognize extensions. To
On Mon, 09 Jun 2003 at 04:59:10PM +0200, Stefan Neufeind wrote:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
You use suexec, php*-cgi, and MISC Binary support (Kernel) to
On Mon, 2003-06-09 at 07:59, Stefan Neufeind wrote:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
There *are* issues with running suExec + php. First, php must be run as
a
Stefan Neufeind [EMAIL PROTECTED] writes:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
You do if you use php scripts that are parsed by the server itself.
You can use php
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching the kernel) seems no
solution to me. Isn't there some way to make it work using Apache-
features?
On 9 Jun 2003 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
On 6 Jun 2003 at 17:06, Wade Richards wrote:
On 06 Jun 2003 16:15:37 PDT, Jon writes:
I believe Apache would still be executing
On Mon, 09 Jun 2003 at 05:02:41PM +0200, Stefan Neufeind wrote:
does it work without problems with php? if you use as cgi-variant?
Think I tried this some time ago and ran into some probllems. Does it
work for your setup? How?
Here is the caviot: the O/S does not recognize extensions. To
On Mon, 09 Jun 2003 at 04:59:10PM +0200, Stefan Neufeind wrote:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
You use suexec, php*-cgi, and MISC Binary support (Kernel) to
On Mon, 2003-06-09 at 07:59, Stefan Neufeind wrote:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
There *are* issues with running suExec + php. First, php must be run as
a
Stefan Neufeind [EMAIL PROTECTED] writes:
But afaik you run into real problems when you try to use suexec with
php, don't you? Or has anybody managed to get this running correctly?
(for Apache 1.3.x !!!).
You do if you use php scripts that are parsed by the server itself.
You can use php
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching the kernel) seems no
solution to me. Isn't there some way to make it work using Apache-
features?
On 9 Jun 2003 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what I mean?
Using Misc Binary-support (and therefor patching
On Mon, 2003-06-09 at 17:28, Phillip Hofmeister wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 09 Jun 2003 at 09:35:49PM +0200, Stefan Neufeind wrote:
But you mean starting with #! ?? How could I use the normal way of
setting a cgi-handler for calling .php-files? Know what
On Fri, 06 Jun 2003 at 05:06:20PM -0700, Wade Richards wrote:
I suggest you look up the suEXEC Apache module, it seems to do exactly what
you want.
suEXEC and php(3|4)-cgi...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O -
I want to enable some friends of mine to host their web pages on my
woody server. It has Apache LAMP running in great shape and it suits my
Web page just fine. The Problem that I have now is, that the apache user
is www-data. Well, I guessed I could just change the user permissions on
the
Woon Wai Keen @ doubleukay.com wrote:
maybe you can try what i've used , which basically is :
#1 - mod_diffprivs
Wow, this is really exciting! Thank you very much!
I immediately downloaded and compiled it. Now my httpd.conf looks like this:
VirtualHost x.x.x.x
ServerAdmin [EMAIL
Woon Wai Keen @ doubleukay.com wrote:
#2 - ERUP (enhanced regular user privileges)
http://www.wijata.com/erup
and this one lets me grant the apache user (www-data) privilege to perform
uid/gid switching , so that i dont have to run apache as root .
Ahnow I understand. First I thought this
On Fri, 06 Jun 2003 at 05:06:20PM -0700, Wade Richards wrote:
I suggest you look up the suEXEC Apache module, it seems to do exactly what
you want.
suEXEC and php(3|4)-cgi...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O -
Okay, I already posted this message to debian-users, but please don't
flame me - i just figured that maybe debian-security is the better place
to post a request for help like this. Clearly enough this is a security
concern, after all. So maybe you could be so kind and help me out on
this one:
Is there some reason why you can't give each user an account and have them put their
files in ~/public_html? That would have their page show up at domain.net/~username/.
Sorry if you already knew this and I'm misunderstanding the problem.
On Sat, 07 Jun 2003 00:03:59 +0200
Juan Antonio Agudo
Hi,
On Sat, 07 Jun 2003 00:03:59 +0200, Juan Antonio Agudo writes:
I want to enable some friends of mine to host their web pages on
my woody server. It has Apache LAMP running in great shape and it
suits my Web page just fine. The Problem that I have now is, that
the apache user is www-data.
On 06 Jun 2003 16:15:37 PDT, Jon writes:
I believe Apache would still be executing php/cgi scripts as www-data,
so users could snoop on other users's scripts, session files, etc.
Something like:
?php echo `ls ../neighbor/public_html`; ?
I suggest you look up the suEXEC Apache module, it seems to
Okay, I already posted this message to debian-users, but please don't
flame me - i just figured that maybe debian-security is the better place
to post a request for help like this. Clearly enough this is a security
concern, after all. So maybe you could be so kind and help me out on
this one:
Is there some reason why you can't give each user an account and have them put
their files in ~/public_html? That would have their page show up at
domain.net/~username/.
Sorry if you already knew this and I'm misunderstanding the problem.
On Sat, 07 Jun 2003 00:03:59 +0200
Juan Antonio Agudo
Hi,
On Sat, 07 Jun 2003 00:03:59 +0200, Juan Antonio Agudo writes:
I want to enable some friends of mine to host their web pages on
my woody server. It has Apache LAMP running in great shape and it
suits my Web page just fine. The Problem that I have now is, that
the apache user is www-data.
On Fri, 2003-06-06 at 15:42, Tim Cunningham wrote:
Is there some reason why you can't give each user an account and have them
put their files in ~/public_html? That would have their page show up at
domain.net/~username/.
Sorry if you already knew this and I'm misunderstanding the problem.
On 06 Jun 2003 16:15:37 PDT, Jon writes:
I believe Apache would still be executing php/cgi scripts as www-data,
so users could snoop on other users's scripts, session files, etc.
Something like:
?php echo `ls ../neighbor/public_html`; ?
I suggest you look up the suEXEC Apache module, it seems to
36 matches
Mail list logo
