[Typo3-dev] Negative impact of phpsuexec on Typo3 installations!

[Christopher]

Hiya,

--- Jasper <jasper at jaspermall.com> wrote:
> Many web hosts are starting to implement phpsuexec for security and
> tracking
> purposes. This has a very large impact on Typo3 installations since
> phpsuexec will not execute a symlink. The following are the rules (as
> I
> understand them) for phpsuexec:
> 
> 1. User executing the wrapper must be a valid user on this system.
> 2. The command that the request wishes to execute must not contain a
> /.
> 3. The command being executed must reside under the user's web
> document
> root..
> 4. The current working directory must be a directory.
> 5. The current working directory must not be writable by group or
> other.
> 6. The command being executed cannot be a symbolic link.
> 7. The command being executed cannot be writable by group or other.
> 8. The command being executed cannot be a setuid or setgid program.
> 9. The target UID and GID must be a valid user and group on this
> system.
> 10. The target UID and GID to execute as, must match the UID and GID
> of the
> directory.
> 11. The target execution UID and GID must not be the privledged ID 0.
> 12. Group access list is set to NOGROUP and the command is executed.

Well, I know what you mean about the symlinks now... I'm working with a
host right now to try to get this to work. According to them, symlinks
*can* be made to work under suexec - though they have yet to prove this
to me ;-)

If it does work, and provided that they can/will explain to me just
what was required to do it, I'll post back to this thread with the
results.

-Christopher



	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/