OK, several things on this subject.
"Addhandler cgi-script .cgi .pl" (1) and ScriptAlias (2)
are two different concepts for allowing binaries
to be executed.
Approach 1 will allow the execution of binaries based on
their extension (.cgi and .pl here) regardless of where
they are found. That includes the DocumentRoot directory
and is usually thought to be somewhat insecure.
Approch 2 will allow execution of binaries in a particular
directory (as long as the bins are flagged 755 executable)
SInce I prefer this, I will comment on this only.
The "cgi-bin" part of www.domain.com/cgi-bin/
will be mapped to a directory somewhere in your filesystem.
Wether this direcory is (write-)accessable via FTP etc to
your customers is under your control. You can have several
cgi-executable directories.
A common way of setting up Apacher would be the following.
(To keep it simple I left out several options I usually
add)
Set up a directory structure like this:
/www/domain01.com/htdocs/
/www/domain01.com/cgi-bin/
/www/domain01.com/logs/
/www/domain02.com/htdocs/
/www/domain02.com/cgi-bin/
/www/domain02.com/logs/
etc.
htdocs will be the directory to hold your customers
uploadable html file etc. cgi-bin will have your
pre-installed cgi-scripts (perl, binaries, shellscripts
whatever) and logs, well, will have the apache log files.
Now configure your Apache virtual hosts like this:
<VirtualHost your.ip.here>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /www/domain01.com/htdocs/
DirectoryIndex index.php4 index.php3 index.html
ServerName www.domain01.com
ServerAlias domain01.com
# Where the logfiles go:
ErrorLog /www/domain01.com/log/errors
CustomLog /www/domain01.com/log/access combined
# www.domain01.com/cgi-bin
ScriptAlias /cgi-bin /www/domain01/cgi-bin
# For common cgi scripts not editable by customers
# you might want to add:
ScriptAlias /common-cgi /www/whatever/common-cgi
# /www/whatever/common-cgi should be filled
# with something useful certainly. Access as
# http://www.domainXX.com/common-cgi/script.pl
<Directory /www/domain01.com>
# Tweak this to your needs:
Options Includes FollowSymLinks
# Allow customers to change options
# within .htaccess files:
AllowOverride All
</Directory>
</VirtualHost>
For FTP access make /www/domain01.com/ the home
(changerooted!) directory. Please note
customers might be able to edit/remove logfiles
with this config. In case you depend on the
logs, make sure you take precautions here.
Set the proper userid / rights etc.
If you do not want customers to upload binaries
to cgi-bin, either change the ftp home dir
to /www/domain01.com/htdocs/ remove the
cgi-bin config options and directory.
For a real life setup with customers having several
domains etc. you will certainly have a more complex
directory structure like /www/customerid/domainname/
and several FTP logins etc.
Hope that helps for a start.
Cheers,
Marcel
Keith Elder <[EMAIL PROTECTED]> 3 Jan 2002, at 16:36:
> Thanks Marcel,
>
> Let me restate what it was I was asking just to clarify my
> situation. If anyone has any input, by all means annie up.
>
> What I am trying to do is setup the server so users in
> /home/*/ can execute CGI programs on their personal web
> pages on this particular machine. I found a reference in
> the apache admin guide I have and the apache site which say
> to put the following in the httpd.conf:
>
> <Directory /home/*/public_html/cgi-bin>
> Options ExecCGI
> Addhandler cgi-script .cgi .pl
> </Directory>
>
> I have done that, but I still cannot make the following
> work:
>
> http://yourdomain.com/~username/cgi-bin/test.cgi
>
> When this page is run, I get "premature end of headers" in
> the error.log file. I thought this would be fairly simple
> but it is turning out to be a headache.
>
> Anything else I can try?
>
> Keith
>
>
> * Marcel Hicking ([EMAIL PROTECTED]) wrote:
> > From: "Marcel Hicking" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Date: Thu, 3 Jan 2002 19:08:32 +0100
> > Subject: Re: Apache cgi-bin for users
> > Reply-to: [EMAIL PROTECTED]
> > X-mailer: Pegasus Mail for Win32 (v3.12c)
> >
> > ScriptAlias /cgi-bin/ /path/to/customers/cgi-bin/
> >
> > See
> > http://httpd.apache.org/docs/mod/mod_alias.html#scriptalia
> > s
> >
> > Please make really(!) sure what security implications it
> > has to allow not trustworthy people (customers ;-) to run
> > programms on _your_ server. Hint: Look for cgi-wrap and
> > changeroot.
> >
> > http://httpd.apache.org/docs-2.0/misc/security_tips.html
> > http://httpd.apache.org/docs-2.0/suexec.html
> > or better
> > http://wwwcgi.umr.edu/~cgiwrap/
> >
> > Cheers,
> > Marcel
> >
> >
> > Keith Elder <[EMAIL PROTECTED]> 31 Dec 2001, at 17:31:
> >
> > > Greetings and Happy New Year!
> > >
> > > I am trying to enable cgi-bin on user directories. I
> > > found the following lines on the apache.org site, put
> > > them in, but they didn't work:
> > >
> > > <Directory /home/*/public_html/cgi-bin>
> > > Options ExecCGI
> > > SetHandler cgi-script
> > > </Directory>
> > >
> > >
> > > Any other suggestions as to how to setup cgi-bin
> > > directories for user accounts?
> > >
> > >
> > > Thanks,
> > >
> > > Keith
> > >
> > > #######################################################
> > > Keith Elder
> > > Email: [EMAIL PROTECTED]
> > > Phone: 1-734-507-1438
> > > Text Messaging (145 characters): [EMAIL PROTECTED]
> > > Web: http://www.zorka.com (Howto's, News, and hosting!)
> > >
> > > "With enough memory and hard drive space
> > > anything in life is possible!"
> > > #######################################################
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to
> > > [EMAIL PROTECTED] with a subject of
> > > "unsubscribe". Trouble? Contact
> > > [EMAIL PROTECTED]
> > >
> >
> >
> > --
> > __
> > .´ `.
> > : :' ! Enjoy
> > `. `´ Debian/GNU Linux
> > `-
> >
> >
> > --
> > To UNSUBSCRIBE, email to
> > [EMAIL PROTECTED] with a subject of
> > "unsubscribe". Trouble? Contact
> > [EMAIL PROTECTED]
>
>
> #######################################################
> Keith Elder
> Email: [EMAIL PROTECTED]
> Phone: 1-734-507-1438
> Text Messaging (145 characters): [EMAIL PROTECTED]
> Web: http://www.zorka.com (Howto's, News, and hosting!)
>
> "With enough memory and hard drive space
> anything in life is possible!"
> #######################################################
--
__
.´ `.
: :' ! Enjoy
`. `´ Debian/GNU Linux
`-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
