[freeside] Billing and other questions

Gordon Smith gordon at isl.net.nz
Mon Jun 5 23:59:16 PDT 2000


With suexec, I was meaning that suexec must remain in the document root
by default (bottom of the suexec page)  :-)

I can sympathise with people trying to get mod_perl working now, having
just built apache with mod_perl, mod_ssl, php4 and (ick!) frontpage.

For others cotemplating doing this, you MUST sacrifice a small goat
during compilation. Or it won't work.

As an aside, is there any reason not to use php for reporting out of
freeside?

Cheers,
Gordon



ivan wrote:
> 
> On Tue, Jun 06, 2000 at 06:28:10PM +1200, Gordon Smith wrote:
> > Thanks Ivan. This setup is an interim measure, since they are a small
> > ISP with no money  :-)
> >
> > I'll have a look at the perl stuff - I'm still learning perl at the
> > moment...
> >
> > I do have another suggestion, that you probably won't agree with.
> 
> Hehe, yep, you're right.
> 
> > Thats having the option of running freeside as the nobody user, rather
> > than using wrappers for the CGI scripts.
> 
> Nope.  This would, in effect, mean that the nobody user would have full
> access to your customer database, and (if exporting is setup) root access
> to other machines.  Since the nobody user is the default for "unsafe"
> daemons etc., this is a really bad idea (despite the fact that your
> Freeside machine should be secured).
> 
> > If used with ssl and .htaccess,
> 
> Umm, you should be using SSL and .htaccess (or one of the database
> equivalents) *regardless*.
> 
> > it would still be quite secure. The problem with suexec is that the CGI
> > scripts must reside in the root web, not in sub-folders, although this
> > can be changed by hacking the source for suexec.
> 
> Umm, I don't understand your terminology here.  What's a `root web'?
> What's a `sub-folder'?  If I read them as `DocumentRoot' and
> `subdirectory' your statment is false, and if you are hacking suEXEC
> you're likely to break any security you've gained by using it.  See the
> warnings at <http://www.apache.org/docs/suexec.html>.
> 
> suEXEC is a sub-optimal solution in the long run, anyway.  Like setuid
> execution, it's only supported because of the problems people have getting
> mod_perl running.
>



More information about the freeside-users mailing list