> If you run your own server, you can set it up so that each webmaster is > locked into a private environment, but it's messy. According to me, you > would need a separate copy of apache for each site, each running under a > different user, and they would need to run on separate ports, which is a > nuisance.
It's called SuEXEC in Apache and compiled in the core of Apache, it's not a module. What it does, it allows Apache to use the Group and User directives inside virtual hosts. For example: <VirtualHost whatever> DocumentRoot /blah User cust001 Group cust001 </VirutalHost> In this case, all files in /blah would be owned by cust001:cust001 and permissions as strict as 0600 can be given on the files in the directory. Apache's processes serving requests on this virutal host, will drop permissions to user and group cust001 as specified in the configuration, so apache would have access to read it. In other virtualhosts, either the default user / group is used, or they are specified uniquely in a per-virtualhost basis. The other virtual hosts will thus run with different uid/gid meaning that other virtualhosts will not be able to include code in other virtualhosts, even when they know the paths. Because Apache drop permissions to the user/group specified, they will not have access to read/write/execute the included filename in a different virtualhost. -- me -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
