Hello Stephen, Thursday, January 31, 2002, 10:04:37 PM, you wrote:
SW> Thanks, i guess im a little confused, what i needed to do is SW> have some virtual ip web servers run with a different user / group SW> than the web user / group apache apache for those virtual spots SW> only. We do this all the time. It's a very good idea if you have VHOSTs who use their own Perl/CGI scripts. SW> The problem im trying to over come is some of our developers SW> do cgi send mail and in the cg'is they use send mail and the SW> mail bounces it then gets returned to the apache user in to term me. SW> So its hard to say where it came from or who was responsible for SW> not setting the return address in when they open sendmail. SW> Its more of a concern if i am trying to track one of our develops SW> that did something bad in a cgi via there virtual web account. Using suEXEC, you'd still end up receiving these emails most of the time, but they would show [virtuser]@server.com instead of [nobody]@server.com. So, you would be able to figure out who generated the email(s). SW> So i thought setting up a user / group of there own in apache SW> would do the job so i ended up trying to use suexe. But could not SW> get it to work and the suexe gets and error about the cgi SW> "error: command not in docroot" so i guess suexe expects SW> the html & cgi in the same directory. not as we usually SW> have in html dir and the cgi-bin parent of it. suEXEC is compiled with a specific "docroot" that is deemed to be "safe". If your developer's "Web" directories all have a common parent dir, you can recompile suEXEC to accommodate this. We run our VHOSTs with a directory structure of /home/vhost.com with cgi-bin and htdocs as subdirs. As long as a suEXEC monitored VHOST doesn't try to execute a script outside of /home/vhost.com/, there's no problems. If you want to send me a bit more info wrt your Apache version and common parent dir for your suEXEC monitored VHOSTs, I can recompile suEXEC and send you an updated binary sometime early next week. It's a fairly trivial process, and you could probably do it yourself if you wanted to give it a shot. -- Best regards, Brian Curtis _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list
