Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Users' WWW servers setup
On Friday 01 February 2002 07:44, Kurt Seifried wrote:
> Cool. Can I buy an account? hint: server side includes, suexec...... Really
> really bad idea to let users modify a config for something that starts life
> running as root. Plus I could "steal" other user's sites possibly, break

Agreed, so why not let them have their config file, and just assign a port to
them, to run their own copy of Apache which they start themselves.

> the config, etc. Keep the conf files in a location only you can modify (why
> the heck would you let users modify their stuff anyways?).

Well I had web developer types, and they had this strange idea, that they
needed to hack config files for stuff, in order to do work. Using the user
owned httpd process at least meant they didn't have access to root password,
or the account through more devious means.


< Previous Next >