On Fri, Nov 05, 2004 at 03:35:11PM -0800, Stephen Le wrote: > See the example above. Users would still be able to upload their own > Perl scripts and get Apache to execute them without restriction - the > Perl script could call commands that I want to ban the users from > executing.
Lots of people have commented already, but I've not seen any discussion on why you might want to do this. What kind of bad commands are you trying to prevent? Most of the dangerous commands like fdisk, etc, will be handled by the existing permissions setup. If you give people the ability to upload CGI scripts, like the perl example you mention, you've already lost - a malicious user could compile some C code statically and exectute that remotely. If you're operating a shared system and want to keep seperate web users isolated from each other using rbash, chroots or similar should be sufficient. What exactly is it that these solutions do not give you which you need? Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
