[freeside] Billing and other questions
Gordon Smith
gordon at isl.net.nz
Mon Jun 5 23:59:16 PDT 2000
With suexec, I was meaning that suexec must remain in the document root
by default (bottom of the suexec page) :-)
I can sympathise with people trying to get mod_perl working now, having
just built apache with mod_perl, mod_ssl, php4 and (ick!) frontpage.
For others cotemplating doing this, you MUST sacrifice a small goat
during compilation. Or it won't work.
As an aside, is there any reason not to use php for reporting out of
freeside?
Cheers,
Gordon
ivan wrote:
>
> On Tue, Jun 06, 2000 at 06:28:10PM +1200, Gordon Smith wrote:
> > Thanks Ivan. This setup is an interim measure, since they are a small
> > ISP with no money :-)
> >
> > I'll have a look at the perl stuff - I'm still learning perl at the
> > moment...
> >
> > I do have another suggestion, that you probably won't agree with.
>
> Hehe, yep, you're right.
>
> > Thats having the option of running freeside as the nobody user, rather
> > than using wrappers for the CGI scripts.
>
> Nope. This would, in effect, mean that the nobody user would have full
> access to your customer database, and (if exporting is setup) root access
> to other machines. Since the nobody user is the default for "unsafe"
> daemons etc., this is a really bad idea (despite the fact that your
> Freeside machine should be secured).
>
> > If used with ssl and .htaccess,
>
> Umm, you should be using SSL and .htaccess (or one of the database
> equivalents) *regardless*.
>
> > it would still be quite secure. The problem with suexec is that the CGI
> > scripts must reside in the root web, not in sub-folders, although this
> > can be changed by hacking the source for suexec.
>
> Umm, I don't understand your terminology here. What's a `root web'?
> What's a `sub-folder'? If I read them as `DocumentRoot' and
> `subdirectory' your statment is false, and if you are hacking suEXEC
> you're likely to break any security you've gained by using it. See the
> warnings at <http://www.apache.org/docs/suexec.html>.
>
> suEXEC is a sub-optimal solution in the long run, anyway. Like setuid
> execution, it's only supported because of the problems people have getting
> mod_perl running.
>
More information about the freeside-users
mailing list