httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Bell <>
Subject suEXEC and /etc/passwd
Date Tue, 04 Feb 2003 19:06:14 GMT

I first posed a question to the users list, and it was recommended that I ask
"the apache developers", which I assumed means ask here.

Quick overview:
I was to use suEXEC with a UID that doesn't have a corresponding username in
/etc/passwd, which suEXEC disallows.  Why? Can I disable that without modifying
source?  If I rip out that check, how I am vulernable?

More context:
I'm running an Ensim-based site with name-based virtual hosts.  suEXEC
is in use.  I want to make the web directories for those hosts
(including cgi-bin directories) owned by a different user than the Ensim
"site administrator".  That is, I want to make them owned by the
"webmaster" user for that domain.  Actually accomplishing that, and
serving static pages and providing FTP access, etc. is not a problem
(which is why I'm not posting to an Ensim list).

The problem is that that user is in the /etc/passwd file for that domain only,
not in the global /etc/passwd file for the system, which is what suEXEC checks.
 From, a condition for success in
suEXEC is:
    5. Is the target user name valid?
        Does the target user exist?

I would like to know how to disable this check.  Do I have to comment
out the lines implementing it in the suEXEC source and recompile?  What
kind of problems do I open myself up to if I do?  (I can't think of any,
as long as the other checks are all in place, and I'm a reasonably
security-minded guy)

Bob Bell <>
 "Q. I find this a nice feature but it is not according to the
     documentation.  Or is it a BUG?
  A. Let's call it an accidental feature. :-)"
   -- Larry Wall, creator of the Perl programming language

View raw message