> What I want to do is have multiple virtual hosts with each virtual > host having a different UID for running CGI-BIN scripts.
http://cgiwrap.unixtools.org/ "CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the http server. Scripts are run with the permissions of the user who owns the script. In addition, several security checks are performed on the script, which will not be executed if any checks fail." Since scripts uploaded via FTP will be owned by your customers UID, they should then run under his UID. I am not sure, however, if you could get the whole apache subprocess to be run under a different UID this way, but then I am not sure if this would give additional security or other advantages. BTW. I've seen some descriptions on how to set up CGIwrap transparently so your customers whouldn't even notice CGIwrap is running. Something with setting up a handler for file extensions. Maybecheck the tips and tricks page http://cgiwrap.unixtools.org/tricks.html on this as well as for some nice mod_rewrite rules ;-) Cheers, Marcel
