Gentoo Archives: gentoo-hardened

From: Julius Loman <lomo@×××××××.net>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] running php scripts as owner
Date: Wed, 28 Sep 2005 06:59:21
Message-Id: 20050928065748.GN25784@kyberia.net
1 Hi
2
3 I'm preparing a new server based on gentoo-selinux that will be used as
4 shell hosting. For security reasons I want to have php scripts running
5 under file owner UID.
6
7 There are several approaches for doing this as far as I know:
8
9 1. mod_suphp wrapper (www-apache/mod_suphp)
10 2. fastcgi (net-www/mod_fastcgi)
11 3. patched suexec (phpsuexec)
12
13 Performance for me is not a really critical point. (Fastcgi should be
14 faster than suphp). I like suphp because there is no need to change user
15 php scripts (e.g. chmodding +x).
16
17 Is one of apporaches directly supported in gentoo-selinux ? Or is there
18 another supported solution I've overlooked ?
19
20 Thanks,
21 Julius
22
23 --
24
25 [ Julius Loman ][ lomo@×××××××.net ][ http://lomo.kyberia.net ][ icq:35732873 ]

Replies

Subject Author
Re: [gentoo-hardened] running php scripts as owner Anthony Gorecki <agorecki@××××××××××.com>