Posted to users@httpd.apache.org by Ben Gill <Be...@t-mobile.co.uk> on 2004/09/28 11:14:09 UTC

[users@httpd] Running scripts as different users

Hi,
 
I have 2 applications (PHP) running under my Apache 2 server
(httpd.2.0.50) and it runs as user apache.
 
My htdocs area looks like this:
 
 
htdocs/appA
htdocs/appB
 
Currently appA and appB are owned by apache.
 
I would like appA to run as userA and appB to run as user appB.
 
I would like the applications to both be accessible via port 80.
 
Is Suexec my only solution here?
 
I got the impression (from reading a lot of posts) that in Apache 1.x
you used to be able to do this using VirtualHost tag.  But I tried using
SuexecUserGroup inside this tag and this did not work either (maybe
because I did not explicitly compile apache with Suexec support?)
 
Any help would be appreciated....
 
 

Re: [users@httpd] Running scripts as different users

Posted by Joshua Slive <js...@gmail.com>.
[Please post in plain text.]

> I would like appA to run as userA and appB to run as user appB. 
  
> I would like the applications to both be accessible via port 80.
  
> Is Suexec my only solution here? 

You have two options:

1. suexec/cgiwrap/etc (suid execution of cgi scripts)

2. Run the two apps on different apache instances on different ports
and use ProxyPass from apache on port 80 to reach the other apps.

And no, this was never possible with apache 1.3.  User/Group inside
the <VirtualHost> only affected suexec, not the user for regular
requests.  This is a basic limit of the unix permissions model. You
can't switch users inside the same process and then get back to root
again without creating security problems.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
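
Option 2 from the reply above (separate instances behind ProxyPass), sketched as configuration. This is an added example, not part of the original thread: the loopback ports 8081/8082, the account names userA/userB, the /path/to/htdocs prefix and the file names are assumptions, and each back end otherwise reuses the existing httpd.conf, PHP setup included.

```apache
# --- conf/front.conf: public instance, runs as apache, owns port 80 ---
Listen 80
User apache
Group apache
PidFile logs/front.pid

LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only: leaving forward proxying on creates an open proxy.
ProxyRequests Off

ProxyPass        /appA/ http://127.0.0.1:8081/appA/
ProxyPassReverse /appA/ http://127.0.0.1:8081/appA/
ProxyPass        /appB/ http://127.0.0.1:8082/appB/
ProxyPassReverse /appB/ http://127.0.0.1:8082/appB/

# --- conf/appA.conf: back end for appA (httpd -f conf/appA.conf) ---
# Bound to loopback, so the only way in is through the front instance.
Listen 127.0.0.1:8081
User userA
Group userA
PidFile logs/appA.pid
ErrorLog logs/appA_error_log

# Same URL prefix as the front end, so links the app generates still work.
Alias /appA/ "/path/to/htdocs/appA/"
<Directory "/path/to/htdocs/appA">
    Order allow,deny
    Allow from all
</Directory>

# --- conf/appB.conf: back end for appB (httpd -f conf/appB.conf) ---
Listen 127.0.0.1:8082
User userB
Group userB
PidFile logs/appB.pid
ErrorLog logs/appB_error_log

Alias /appB/ "/path/to/htdocs/appB/"
<Directory "/path/to/htdocs/appB">
    Order allow,deny
    Allow from all
</Directory>

# Filesystem side (assumed layout): htdocs/appA owned by userA and
# htdocs/appB owned by userB, with "other" access removed, so neither
# back end (nor the front instance) can read the other application's files.
```

The separation comes from the process boundary: each application's PHP code only ever runs in children that have already dropped to its own account, which is what a single instance cannot provide.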


Re: [users@httpd] Running scripts as different users

Posted by Aman Raheja <ar...@techquotes.com>.
You can also do this, if you don't mind these users being in the apache
group, and let the group have execute permission on the scripts - it
depends on your security policies but is indeed an option.

Aman Raheja

Ben Gill wrote:

> Hi,
>  
> I have 2 applications (PHP) running under my Apache 2 server
> (httpd.2.0.50) and it runs as user apache.
>  
> My htdocs area looks like this:
>  
>  
> htdocs/appA
> htdocs/appB
>  
> Currently appA and appB are owned by apache.
>  
> I would like appA to run as userA and appB to run as user appB.
>  
> I would like the applications to both be accessible via port 80.
>  
> Is Suexec my only solution here?
>  
> I got the impression (from reading a lot of posts) that in Apache 1.x 
> you used to be able to do this using VirtualHost tag.  But I tried 
> using SuexecUserGroup inside this tag and this did not work either 
> (maybe because I did not explicitly compile apache with Suexec support?)
>  
> Any help would be appreciated....
>  
>  


