Firt of all thx for squick reply :D
the problem is that apache can read thesse files. Lets say that i have
2 users joe and meg and this structure of files:
/home/joe/public_html/index.php
/home/meg/public_html/config.php
According to this if i want to secure php from joe site to be able to
open meg's secret.php just for reading file ("r" perm) i need to takie
some action maybe from php.ini.
If i wont do this joe scripts are run as joe:www-data? Soo joe can't
open them but group www-data can.
That's why ive tried to run apache as root and suphp. Too eliminate
group perms. But as i say it generates 500 internal server error and
error.log shows what i've pasted earler.
Is it possible?
Best Regards
2011/1/3 Aki Tuomi <[email protected]>:
> On Mon, Jan 03, 2011 at 12:05:35AM +0100, Grzegorz Dwornicki wrote:
>> Hi
>>
>> Let's say i want to create a configuration of apache2 + suphp with
>> will allow users to set right for their files and directories to owner
>> only. Soo php needs to be run as owner (this takes suphp). But in
>> order to apache even run suphp it needs to go to documentroot and look
>> at index file or other file that user had requested. To to tjis apache
>> needs to be able to go to that directory ignoring file rights - maybe
>> apache run as root?
>>
>> I wanted to chect this configuration but it seems that apache as root
>> and suphp creates errors like this:
>>
>> ...
>>
>> Best Regards
>> Grzegory
>>
>
> Of course, you could set the directory to be owned by username:www-data (or
> whatever group your apache uses), and set perms to 0750. This would, in my
> opinion, achieve the same security?
>
> Aki Tuomi
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAk0hrNAACgkQahHbMDrZuj56pQCfZKxtMwyeCKFvZuAojDmhK836
> uAkAn3HNEkLFkyMyWp1aiVlqeDSs1IMG
> =EsWr
> -----END PGP SIGNATURE-----
>
>
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
