> I want to enable some friends of mine to host their web pages on my > woody server. It has Apache LAMP running in great shape and it suits my > Web page just fine. The Problem that I have now is, that the apache user > is www-data. Well, I guessed I could just change the user permissions on > the /var/www/<path.to.site> directories to the respective user names, > but that doesnt do the trick, because then, all write permissions for > cgi scripts for these diretories are gone, as they no longer belong to > www-data.
maybe you can try what i've used , which basically is : #1 - mod_diffprivs http://sourceforge.net/projects/moddiffprivs/ this apache module enables apache to switch uid/gid when serving virtual hosts . each virtual host is effectively served as the owner . take for example this vhost snippet : <VirtualHost *> DocumentRoot -(removed)- ServerName gum.doubleukay.com Privs hata hata PrivsGroups On </VirtualHost> when a request is sent for gum.doubleukay.com , its php/cgi scripts will create/read files and execute commands as user hata and group hata . #2 - ERUP (enhanced regular user privileges) http://www.wijata.com/erup and this one lets me grant the apache user (www-data) privilege to perform uid/gid switching , so that i dont have to run apache as root . there's a few performance-related issues with the above setup though . HTTP keepalives and pipelining have to be disabled because once an apache child switches uid , it cant switch back to www-data and serve subsequent requests . the clients would notice a definite 'lag' in page loading as a new connection would have to be open to the http server for each element . the server would also undergo load problems as new children would have to be forked for each http request . however , there is a way to reduce this problem :) regards, wK (www.doubleukay.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
