[svlug] To suEXEC or not

Alvin Oga alvin at planet.fef.com
Tue Nov 10 14:53:17 PST 1998

Previous message: [svlug] To suEXEC or not
Next message: [svlug] mod_perl/php and apache?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi robert...

> suEXEC was realy made for ISP's and the like.  Where you have normal users
> creating CGI scripts.
> 
> Under normal conditions, if a user wants the CGI script to write to a file, the
> file must be writable by the webserver's UID.  This then allows other peoples
> CGI scripts to write to the file also.  The suEXEC fixes this by changing the
> EUID of the process running the CGI script to the owner of the CGI script.  At
> this point the writer of the CGI script only has access to his/her own files, 
> because other people don't have to open their files for write access to the
> webserver UID.

yeah...that makes sense when multiple people with different UIDs all want to
have apache write files based on the many script owner.....
	( only one normal UID in our case, in addition to normal WebMaster )

and since I want the cgi-script to first do a chown/chmod after the 
script creates the file....seems like it's a better option than suEXEC...
	( because the script can be run as HTMLEditors, root, joe, etc...
	( and all the resulting files need to be readable by apache

thanx
alvin

--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe

Previous message: [svlug] To suEXEC or not
Next message: [svlug] mod_perl/php and apache?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list