You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by James Ponder <ja...@squish.net> on 2002/08/19 02:20:36 UTC

suexec within Location

On Wed, Aug 07, 2002 at 08:41:41PM -0400, Rob Saccoccio wrote:
> At any rate, I've got alternatives if you think it should remain the way it
> is (say to accommodate the use of the SuexecUserGroup at a finer config
> granularity).

I would very much like to do (in Apache 1.3 syntax):

<VirtualHost ...>
  ServerName example.com
  DocumentRoot /www/example.com/htdocs
  ScriptAlias /newprogram/ /www/example.com/newprogram/cgi
  <Location /newprogram>
    User newprog
    Group newprog
  </Location
</VirtualHost>

(to mean no suexec, except in /newprogram)

My reasons is that I'm adding a new program to a site that isn't suexec
enabled, and I want the added security that comes from running the new
program as a new user.

I've always assumed that this lack of functionality was just historical
since the User/Group directives (and therefore entries in the structure)
were presumably overloaded from the main server configuration when
virtual hosting was added, and it was just convenience that suexec uses
them.  If this is correct presumably there are no fundamental reasons
why suexec configuration cannot be more specific?

I imagine this would be easier to add in Apache 2 now that the directive
is different?

Best wishes, James
-- 
James Ponder; www.squish.net; London, UK