[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: virtual hosts with own cgi-bin?



John Wolgamot said:
> Danny Sauer <cloudmaster@cloudmaster.com> wrote ..
>
>> That's pretty much how I generally do it - though my scheme is to set
>> up a directory for each virtual host - /home/www/www.domain.com - and
>> within that directory make 2 subdirs, "docs" and "cgi-bin".  The
>> "docs" dir is the server root and cgi-bin is ScriptAlias'd to
>> /cgi-bin.  I
>
>> mostly do that because I don't like aliasing a virtual path over the
>> top of a real path - that kind of thing can only come back to bite you
>> later.
>
>
>
> Thanks for the insite Danny.
>
> So it's not the best idea to place a users site within a sub dir of
> their home dir?
>
> If user robert has a sub diretory called website in his home directory.
>
> If I alias the cgi-bin to:
> /home/robert/website/cgi-bin
>
> this may come back to bite me?

No, it's fine (probably preferable) to pu tthe website in the user's home
directory.  I was talking about the cgi-bin part.  If there's a directory
/home/robert/website, and it's set up as the document root for
robert.domain.com, then /home/robert/website/cgi-bin is already accessible
as http://robert.domain.com/cgi-bin, but it's not able to run CGI scripts
(by default).  When you do the ScriptAlias thing, it aliases the cgi-bin
directory to the same place where it would have been accesible before.

There's nothing technically wrong with that, but doing things like that
make it slightly more difficult to debug when problems show up.  For
example, say you accidentally type "ScriptAlas
/home/robert/website/cgi-bin /cgi-bin" - you forgot the "i" in alias. 
It's not immediately obvious what the problem is, because you can see the
cgi-bin directory in a web browser, but it's not running scipts.  So, you
waste a lot of time checking file permissions, verifying mime-types, etc. 
If the cgi-bin directory was instead /home/robert/cgi-bin, then any error
in the ScriptAlias line will completely prevent the cgi-bin URL from
showing up in a web browser.  My view is that, if you're going to alias a
directory into the URL space, it shouldn't already be there.  To do what
you're suggesting, it'd probably be better to add a handler inside of a
<Location /cgi-bin> section - though I forget if you can do that for CGI's
without modPerl...

> The reason I started putting websites in users homes because I found
> that usermin, a mod of webmin has a nice java filemanager which jails
> the user to their home so I only had to worry about one root user "ME"
> getting the system goofed up.
>
> I couldn't figure out how to let users log on and keep them jailed to
> certain directories.
>
> So I started placing all these file within the users home since they
> could get to them in their home directory through usermin's filemanager.
>
> If this is bad I would like to revise my thinking before it gets too out
> of hand.

It's been a while since I played with restricting people inside of webmin,
but you might be able to create a directory for each user and make
symlinks to all of the places that you want to give them access to.  Then,
set that directory full of symlinks up as their filemanager's root.  It
seems like that worked on some older versions, but then, I may have just
dreamed that. :)

--Danny, who actually does dream about webmin sometimes :(



-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.