apache/grouping/suexec/permissions

Hi all, I have a question regarding Apache.

I apologize for this being so long, so I'm warning you, it's kind of long, so if you don't want to read it, don't.

===========================================================
say I have

/home/sites/domain1.com/public_html
/home/sites/domain2.com/public_html
/home/sites/domain3.com/public_html
/home/sites/domain4.com/public_html
/home/sites/domain5.com/public_html
/home/sites/domain6.com/public_html
/home/sites/domain7.com/public_html
/home/sites/domain8.com/public_html
/home/sites/domain9.com/public_html
/home/sites/domain10.com/public_html

10 domains

Each domain has a cgi-bin of course.

anyhow
say domain one is set up like this

# domain1.com
<VirtualHost 216.18.0.178:80>
User bob
Group bob
ServerName domain1.com
ServerAlias www.domain1.com
ScriptAlias /cgi-bin/ /home/sites/domain1.com/public_html/cgi-bin/
DocumentRoot /home/sites/domain1.com/public_html
ErrorLog /home/sites/domain1.com/logs/error_log
CustomLog /home/sites/domain1.com/logs/access_log combined
</VirtualHost>

so when you put something like id.cgi inside the cgi-bin
and id.cgi has:

#!/usr/bin/perl

print "Content-Type: text/html\n\n";
print "<B>user id!</b>\n";
print "<pre>";
system('id');
print "</pre>";

you would, of course, see something like this
uid=501(bob) gid=501(bob) groups=501(bob)


Each domain has its own username. So to modify each domain, you have to ftp in as the username for that domain, or su as the user.

What I want to do is create a username called master, that will have a home dir of /home/sites, and will have full control over /home/sites/* BUT STILL ALLOW each user to control its own domain/directory and have full permission for their own dir/domain...

I know how to give the username master a home dir of /home/sites -- don't worry.

what I'm saying is this:
say all the files in /home/sites/domain1.com/ and on are owned by bob.bob so /home/sites/domain1.com/*
if you ftp in, as the username bob, and go in /home/sites/domain1.com/public_html/ and put an image called toy.gif
it will easily load on the web, and when you ls -al in /home/sites/domain1.com/public_html you will see bob bob (that it's owned by bob.bob)

so what I want to be able to do is ftp in with the username master, switch over to /home/sites/domain1.com/public_html (because master should have permission to go in and do whatever it wants) and DEL toy.gif EVEN THOUGH it is owned by bob.bob

be able to del, be able to upload files there, as the username master, and have the username BOB be able to DELETE the files that master puts there
ya know?

so it's like they are sharing a house

So in a sense "master" is like the "root user" for /home/sites/*

that is what I'd like to do. I am guessing I'd have to group master with all these users, correct? Could anyone explain to me an easy way or the simplest way to go about it?
====================================================================================================================
Part TWO
===============================

Keep in mind everything I just said.

If you ftp in as the username bob, and go in /home/sites/domain1.com/public_html/cgi-bin and put id.cgi in there, chmod 755 it, it will be owned by bob.bob, and will EXECUTE as bob, because apache has

User bob
Group bob

in the httpd.conf

so when you go to www.domain1.com/cgi-bin/id.cgi it will show
uid=501(bob) gid=501(bob) groups=501(bob)

which is GOOD.
so say bob deletes id.cgi
ok
it's GONE
bob logs out.


=================================================================================
so say master logs in
I would like to make it so the username master can ftp in, and go in domain1.com/public_html/cgi-bin and be able to upload id.cgi
chmod 755 it
and make it so when you go to www.domain1.com/cgi-bin/id.cgi it will still execute.....

What the output would be, I wouldn't know.

but I'm guessing it would look something like this
uid=501(bob) gid=501(somegroup) groups=501(bob)

or something


So basically, I want to be able to have master and any of the users in /home/sites/* be able to share everything

so master can go in any dirs, and delete, create, and those users can delete what master creates/modify what he creates

and same for master

but at the same time I want to ensure all CGI files actually execute, so I know I'd have to modify the user group for each domain....

I'm really sorry that this is so long, but this is the only way I think I can describe what I want to do / how I want to do this.

If anyone has any information on how I can do part one, PLUS part two (the CGI bit with suexec), or any ideas, or has ANY clue what I'm talking about, I'd appreciate any replies.
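
The two parts of this question pull against each other because of the ownership rules suEXEC documents: the CGI program and its directory must not be writable by group or other, the program must not be setuid/setgid, and both must belong to the target user and group. The sketch below is an added example, not part of the original post and not Apache's code; it reimplements only that subset of checks, and the function names and the temporary cgi-bin are constructed for illustration.

```python
import os
import stat
import tempfile

def suexec_ownership_findings(script, target_uid, target_gid):
    """Return the reasons suEXEC's documented ownership rules would refuse script."""
    findings = []
    cgi_dir = os.path.dirname(os.path.abspath(script))
    for label, path in (("directory", cgi_dir), ("program", script)):
        st = os.lstat(path)
        # Rule: not writable by anyone except the owner.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{label} is writable by group or other")
        # Rule: owner and group must equal the User/Group of the vhost.
        if (st.st_uid, st.st_gid) != (target_uid, target_gid):
            findings.append(f"{label} owner/group differs from target user/group")
    # Rule: the program itself must not be setuid or setgid.
    if os.lstat(script).st_mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("program is setuid or setgid")
    return findings

def demo():
    """Constructed sample: a temp directory stands in for domain1.com's cgi-bin."""
    results = {}
    with tempfile.TemporaryDirectory() as cgi_bin:
        script = os.path.join(cgi_bin, "id.cgi")
        with open(script, "w") as fh:
            fh.write("#!/usr/bin/perl\n")
        owner = os.lstat(cgi_bin)  # plays the role of bob.bob
        uid, gid = owner.st_uid, owner.st_gid
        # Case 1: bob uploads and chmods 755, as in the post.
        os.chmod(cgi_bin, 0o755)
        os.chmod(script, 0o755)
        results["owner_only"] = suexec_ownership_findings(script, uid, gid)
        # Case 2: group-writable so a shared group (master) can modify files.
        os.chmod(cgi_bin, 0o775)
        os.chmod(script, 0o775)
        results["group_shared"] = suexec_ownership_findings(script, uid, gid)
        # Case 3: file owner is not the vhost user (simulated by shifting the
        # target uid, since chown needs root).
        os.chmod(cgi_bin, 0o755)
        os.chmod(script, 0o755)
        results["other_owner"] = suexec_ownership_findings(script, uid + 1, gid)
    return results

if __name__ == "__main__":
    for case, reasons in demo().items():
        print(case, "->", reasons or "would pass these checks")
```

Refusals of this kind are recorded in the suEXEC log rather than the virtual host's error_log, so that is the place to look when a shared script stops executing.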
