httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabien COELHO <coe...@cri.ensmp.fr>
Subject Re: better suexec control proposal
Date Wed, 16 Feb 2000 16:24:27 GMT

Hello,

> I actually submitted a possible solution to this in PR 4078.

I looked at the patch. The ability to decide on per-directory or
per-server basis the user and group under which a cgi is executed looks
very interesting to me, even if it does not solve my problem at hand.
Indeed, I want user cgi to run under their own account, and I don't one to
configure the CGIuser for every account. Also, how to disable suexec but
still enabling standard cgi execution with this extension looks unclear to
me. 

However it would solve other problems I have.

> It was shot down as not being in accordance with the intent and 
> design of suexec.

Yes, that's another way of controlling security from the server
configuration instead of from unix access control parameters as it is done
thru suexec. The model is indeed different, but it has no reason
not to be provided if it is useful and small as it looks. 

The only issue is the interaction with the suexec mecanism. If suexec is
enabled, I guess CGIuser and CGIgroup directives should be disabled.
So basically I like it, but who cares ? ;-)

Have a nice day,

-- 
Fabien.




Mime
View raw message