setting up a webserver - cgi-bins and public ftp
medunn0u
12-03-2000, 02:16 AM
I have been struggling somewhat with linux.. like that isn't normal. Okay, I really want my dir structure like this.
/home/theuser/cgi-bin
/home/theuser/public_ftp
/home/theuser/public_html
I believe this is the classic way to set up a http server otherwise apache. Now, I understand that the newest apache release doesn't come with suEXEC installed.. and if I am right, then suEXEC is just cgiwrapper, am I correct?
Is there a distribution that is designed just to be a webserver, with cgi access, and ftp access?
In the above, where I mentioned my dir structure, all I have to do now is install cgiwrapper... however I have been reading the info on cgiwrapper, and it wants to run the bin in /home/theuser/public_html/cgi-bin
this I do not want, and I hope it can be done differently. I am sure someone will inform me from this forum. Then as far as ftp goes I was told not to use wuftp because of security issues. Should I be using Caldera eServer for putting up a webserver that I wish to have customers on? On this server I will be doing most of the website work, and providing to my customers. However, I will also want to give access to others.
Sweede
12-03-2000, 03:16 AM
http://www.linuxnewbie.org/ubb/Forum21/HTML/001230.html
use suexec.
You don't need a /home/user/cgi-bin folder, it won't make anything any safer and will end up making your setup more complex.
the above link will set it up just how you want it. just un-comment the userdir stuff and set the directory to /home/*/public_html in the httpd.conf file, and you're all fine.
in your /etc/skel
mkdir public_html
mkdir public_html/cgi-bin
mkdir ftp
chmod 755 public_html/cgi-bin
chmod 751 public_html/
whenever you add new users to the system, those folders will be created automatically (with proper permissions and whatnot).
you'll have to manually change some file (don't remember which), so that the default home user permissions are 751 otherwise you'll get forbidden errors.
make every user in the same group (the group that apache runs as. mine is 'cust' ), and then you can use 775 for folders/files that you want php to write to. this could allow other users to write to another user's file though.
if you put each user in their own group, this will effectively remove the ability to create/write/modify files (or any other command from the filesystem section of the php manual), without also installing php as a cgi binary, adding #!/path/to/php and changing those php scripts to script.cgi
a couple of options to consider.
as for ftp, use proftpd, cvs version, don't count on any other ftp server to do as good a job for free. if you can afford it, go with ncftpd
as for your distro question, it's all linux, and it all works the same.
the only real differences between say redhat and debian is apt-get v.s. rpm and /etc/rc.d/rcx.d/ vs /etc/rcx.d/
RedHat works just fine for a webserver. if you want secure, you would use BSD instead.
take my advice above, i run a webserver with 17 domains on it, my setup works near perfect.
any other questions, just ask.
ckevin
12-03-2000, 12:12 PM
Yep, take Sweede's advice and work with your server, you'll be fine, hehe [Sweede, helped me a lot!]
BUT, remember...
The configure command for Apache suEXEC install should be:
--enable-suexec \
NOT
--with-suexec \
at http://www.linuxnewbie.org/ubb/Forum21/HTML/001230.html
[This message has been edited by ckevin (edited 03 December 2000).]
Sweede
12-03-2000, 01:47 PM
whoops :x
i fixed that though
no matter how many times i double check it, i always do that somewhere :\
medunn0u
12-03-2000, 05:51 PM
I am a bit confused.. I stated I "MUST" have my cgi-bin in /home/theuser/cgi-bin/
not under the public_html dir. This is because of ecommerce security, and if it is more complicated to set up so be it. There isn't any other way. Most of the information you supplied is very useful however.
Though, I wish you would answer the question asked. I thought I was very clear and specific in my first question.
So, one step outta time, how do I install suEXEC? (exactly) Does this mean, I don't need the cgiwrapper, or was that because now you want me to put my cgi-bin under the html dir? (which won't happen in my case)
AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!
linux is hard, I wouldn't have started to use it unless I knew I was in for some hard times.
Sweede
12-03-2000, 07:37 PM
what e-commerce package are you using?
having worked with apache for about 2 years, web devel for 3 and hosting for a little over a year. Been offered jobs at high tech webhosting companies (turned down because of legal problems here at home), i can say that i never have seen a script or cgi-based program that REQUIRES CGI-BIN to NOT be in the www root.
i strongly suggest using SUEXEC, this is what the package was designed for. however, you might be able to get around your 'requirement' by using
--suexec-userdir=cgi-bin
if you do it this way, you MUST use an Alias, ScriptAlias or use MOD_REWRITE to direct
www.domain.com/cgi-bin/* requests to /home/user/cgi-bin
( Alias /cgi-bin/ /home/*/cgi-bin or
ScriptAlias /cgi-bin/ /home/*/cgi-bin
in the virtualhost directive )
users will not be able to run cgi scripts of any kind outside of the /home/user/cgi-bin directory.
the other option is to use the cgiwrap program. i haven't used it nor know how to configure/install/use it. http://cgiwrap.unixtools.org/
the only thing that a cgi-wrapper (suexec) does is run the script as the user specified in the httpd.conf file's <virtualhost > context, (cgiwrap) or as the actual owner of the script.
this makes any CGI script attack damages limited to the context that the user has access to, which would be
/tmp
/home/username/*
Normally, everything runs as the apache user itself (nobody, httpd, www) and CGI attacks can damage any directory that apache has write access to regardless of userspace.
for scripts that write to the filesystem, the directory that the file is writing to MUST be chmod'd 777, which is really really bad. any user ANYWHERE can write to that directory.
using a cgi-wrapper and being intelligent and never chmoding a web-accessible directory to 777 will be an infinite times safer.
if any of that made sense..
heh
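An audit for the permission problems described in the post above, as an added example that is not part of the original thread: it lists world-writable directories under each user's web directories and CGI files that group or others can write. The directory names in WEB_DIRS and CGI_DIRS are assumptions, and the sample tree (users alice and bob) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. WEB_DIRS and CGI_DIRS are assumptions:
# the per-user directories Apache serves and those that hold CGI scripts.
WEB_DIRS="public_html cgi-bin"
CGI_DIRS="cgi-bin public_html/cgi-bin"

# List world-writable directories (the chmod 777 case) under each user's web dirs.
world_writable_dirs() {
    for home in "$1"/*; do
        for sub in $WEB_DIRS; do
            [ -d "$home/$sub" ] || continue
            find "$home/$sub" -type d -perm -0002 -print
        done
    done
}

# List CGI files that group or others can write. Running a script as its owner
# protects little if another account is able to replace the script itself.
writable_cgi_files() {
    for home in "$1"/*; do
        for sub in $CGI_DIRS; do
            [ -d "$home/$sub" ] || continue
            find "$home/$sub" -type f \( -perm -0020 -o -perm -0002 \) -print
        done
    done
}

# Build a constructed sample tree standing in for /home and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/public_html/uploads" "$root/alice/cgi-bin" \
             "$root/bob/public_html" "$root/bob/cgi-bin"
    chmod 751 "$root/alice/public_html" "$root/bob/public_html"
    chmod 755 "$root/alice/cgi-bin" "$root/bob/cgi-bin"
    chmod 777 "$root/alice/public_html/uploads"   # the case warned about above
    : > "$root/alice/cgi-bin/order.cgi"; chmod 755 "$root/alice/cgi-bin/order.cgi"
    : > "$root/bob/cgi-bin/form.cgi";    chmod 775 "$root/bob/cgi-bin/form.cgi"
    echo "$root"
}

sample=$(make_sample_tree)
echo "World-writable web directories:";    world_writable_dirs "$sample"
echo "CGI files writable by group/other:"; writable_cgi_files "$sample"
rm -rf "$sample"
```

On a real server, pass /home (or wherever user directories live) to the two functions instead of the sample tree.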