Using /home as suexec docroot is a big no-no from a security point of
view. It will create local privilege escalation vulnerabilities in many
situations. If you don't want to use /var/www you should probably use
directories under /srv.
In any case, the above howto is outdated. Nowadays there is the apache2
-suexec-custom package which allows to set the suexec docroot without
recompiling. But you should read the security advice in the suexec man
page that is contained in that package.
** Changed in: apache2 (Ubuntu)
Status: Triaged => Invalid
--
suexec should be configured to use /home as its docroot
https://bugs.launchpad.net/bugs/629633
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
