You are a brave soul. I dont know of any place that allows untrusted users to execute any script. But, I know it has been done with some amount of security. I dont know how to implement it myself, but ask the guy at www.fuzzymonkey.org for some advice. I Think he has some experience in it. Jay -----Original Message----- From: tclug-list-admin at mn-linux.org [mailto:tclug-list-admin at mn-linux.org]On Behalf Of Jason Jorgensen Sent: Tuesday, July 31, 2001 10:50 AM To: tclug-list at mn-linux.org Subject: [TCLUG] Homedir web server We have a webserver for our users personal web space. I am interested in what you all have done in locking down your users personal web space. We are allowing cgi's and it concerns me. The users directories are all owned by the same user, the user does not have a real account on the box. We are using the virtual user proftp stuff so that real users arent needed. As a consequence I cant use apache's SUexec since it would try to run the .cgi as a user that doesnt really exist. I was thinking it might be possible to chroot apache and provide a seperate version of perl inside the apache chroot'd area. If that would work I wouldnt have to worry about permissions and other things on the box. But for some reason I dont think it would work. Advice appreciated. _______________________________________________ tclug-list mailing list tclug-list at mn-linux.org https://mailman.mn-linux.org/mailman/listinfo/tclug-list