On Thursday 03 Feb 2005 06:10, Ashley M. Kirchner wrote: > Never mind, I figured it out. All users need to be defined under > the docroot for suEXEC to work. That said, docroot (for suEXEC) does > not need to be the same docroot for the main server's html pages. > > So, I now have a suEXEC docroot of /var/www/virtual and I have > individual users' cgi-bin in there and then symlinked back to their > actual $HOME space. Which brings me to my next question: do I leave > that symlink owned by them, or by another user to prevent accidental > deletion of it? (The files with it are still owned by the user so they > can do whatever they want with them obviously, but the symlink itself...?) no. give the symlinks to a control group, or apache. just give the user permission to execute. The symlink is your part of the bargain you make when you allow them to run certain scripts. Its only on lease to them to use, not modify. > > Also, this poses a problem with quota as well. How do I take their > cgi-bin folder into account when calculating quota usage? One symlink won't upset you too much ..AFAIK, quota doesn't follow symlinks ... not too sure if it has a option to follow/not to follow links tho.... if it does follow them, then the content in the cgi-bin is static, so you can easily give them that allowance .. after all, they are paying you extra for those scripts aren't they? If the files the scripts write get to be a problem, then the problem is for the user, who should buy more space off you. -- Tony Dietrich ------------- The longer the title, the less important the job.
