Received: by taz.hyperreal.com (8.8.3/V2.0) id TAA06890;
 Thu, 2 Jan 1997 19:56:22 -0800 (PST)
Received: from duct.mail.pipex.net by taz.hyperreal.com (8.8.3/V2.0) with SMTP
 id TAA06880; Thu, 2 Jan 1997 19:56:17 -0800 (PST)
Received: from localhost.my.domain (actually imdb.demon.co.uk) by
 duct.mail.pipex.net with SMTP (PP);
          Fri, 3 Jan 1997 03:54:03 +0000
Message-Id: <199701030333.DAA13448>
Subject: suexec modification (fwd)
To: new-httpd@mail.apache.org (apache)
Date: Fri, 3 Jan 1997 03:33:28 +0000 (GMT)
From: robh@imdb.com (Rob Hartill)
Organization: Internet Movie Database Ltd.
X-pgp-public-key: http://us.imdb.com/pgp.html
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com


not acked

----- Forwarded message from Curtis Wilbar -----

From: Curtis Wilbar <curtis@ici.net>
Date: Thu, 2 Jan 1997 20:43:25 -0500 (EST)
Message-Id: <199701030143.UAA26717@pike.ici.net>
To: apache-bugs@apache.org
Subject: suexec modification
Cc: curtis@ici.net


I recently sent mail with a modifcation of suexec to allow it to compile
and run under SunOS, and Solaris.

I mentioned another modification that I was working on.  I have briefly
tested this, and it seems to work.

I figure that if this is a capability that I wanted here, there must be
others who would desire this capability as well.

This mod may have been more appropriate in the server code, but it was
50/50, and easier to implement and test separately in the suexec code.

Here's the summary of the new capability....

if compiled with -DRUNASOWN, then suexec will run the cgi as the owner and
group of the cgi program being called.  The group ownership of the file
must match the group the user belongs to in the password file.  The
directory the cgi is in must match owner/group of the cgi program as well.
The existing checks for setuid and directory writability by others is
retained as well.

This also contains my setenv function call (as SunOS and Solaris do not have
this system call).  -DNOSETENV is required to enable my write of the setenv
function (which uses putenv as the actual system call).

Please give me feedback as to wether or not these changes are:

1. desirable
2. addressed to the wrong people (should I be using an addr other then
   apache-bugs@apache.org).

Thanks...

-- Curt

Curtis H. Wilbar Jr.
Chief Technology Officer
The Internet Connection, Inc.
curtis@ici.net

----- End of forwarded message from Curtis Wilbar -----

-- 
Rob Hartill.       Internet Movie Database Ltd.    http://www.imdb.com/