[Mono-list] XSP in a multi-user Linux box

Gonzalo Paniagua Javier gonzalo@ximian.com
Wed, 10 Dec 2003 03:05:47 +0100

El vie, 05-12-2003 a las 13:18, Cesar Mello escribió:
> Hello!
> I would like to hear suggestions on how to handle this:
> I've set up a Linux box running XSP. I would like to enable each user to 
> have his own public_html directory in his home, and that directory would 
> be published as "http://domain/user". Right now, I have placed symbolic 
> links inside the XSP root directory, to the public_html directories. It 
> is working for a first try, but as I'm running XSP with root privileges, 
> the users have root privileges and then there is no security.
> So my two questions:
> 1) Is there an easy way to avoid the security problem?

Make the users allow reading permission for everybody in all
files/directories under public_html.

> 2) Wouldn't it be much better to create an application for each user, or 
> even allow the users to create their own applications? This would be 
> great to provide "XSP web hosting". :-) Yesterday I asked this on IRC 
> and there was some discussion on the possibility of adding applications 
> to the XSP server without restarting it. Any thoughts? Maybe, if I use 
> an Apache web server with mod_mono, would this be handled easier?

Adding an application for each user on request is easy. The problem is
that we have no means to change user privileges for an AppDomain/Thread