From: Brian C. <we...@we...> - 2005-05-04 02:17:56
|
Roger B.A. Klorese wrote: >We're trying to allow our Virtualmin'd users to run PHP in their sites >without having to cross-expose their files to other users, and having a >devil of a time. > >suexec helps us with CGI, but not with PHP, of course -- files written by >PHP must be accessible by the web-server user and/or group. I know I can >restrict FTP and file manager users to their own trees, but there's still >the issue of shell users. > >We've tried using suPHP, but with a couple of hundred sites, we can't >handle the increased process overhead on the box we're using. We need to >run mod_php, not CGI. > >Any suggestions on blocking access and visibility? chroot (and is it >supported easily by Virtualmin)? Some non-obvious permission strategy? > Have you looked at cgiwrap? It supposedly works for php too... Although I haven't personally used it for php... http://cgiwrap.unixtools.org/ Brian |