Hello, I started using suPHP recently and I just can't get my permissions setup correct. I am using suPHP along with DBD MySQL, which allows me to store my users and Apache virtual hosts into a MySQL database.
The server's contents have the following permissions : -rw-r-x--- someuser www-data /home/users/someuser/ -rw-r----- someuser www-data /home/users/someuser/index.php - "someuser" is a UNIX user stored in the MySQL database (link is made through libnss-mysql and pam-mysql). - "someuser" belongs to the "users" group. His home is /home/users/someuser/. - "someuser" and his scripts must not be able to access other homes in /home/users. Now, I am trying to use suPHP to remove the "www-data" group ownership from the PHP scripts upon execution, but I need to keep the user ownership. That is, in the above example, index.php should be executed as someuser:users instead of www-data:www-data. - Owner mode allows me to set execution ownership to someuser:www-data, which isn't quite it since I don't want the group to be www-data. - Paranoid mode requires me to set a static user AND group name, which I can't do (all homes are handled by the same virtual host configuration, which queries the database for each request). I'd like to know if suPHP offered a way to use owner mode for the user, but paranoid mode for the group. Basically, I'd like something similar to : suPHP_Group users in owner mode (yet, this parameter does not exist). I've been thinking about this setup for a while, and I just can't find a correct configuration use both suPHP and DBD MySQL together, while separating all homes from each other. Am I missing something here, or is there a simpler setup I didn't think about? Thanks in advance! JWHS. _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
