httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: Suexec permissions question
Date Thu, 03 Mar 2016 20:01:31 GMT
I think this can be summarized as follows;

Httpd starts as root, changes to httpd user account.

AppDev user account is compiled-in to suexec as run-if-owner matches that
user account.

Suexec invokes AppDev's script with the appropriate userid of AppRun
account in lieu of AppDev user.

AppRun user has no permission to manipulate AppDev owned applications.

Suexec will refuse to run applications owned by AppRun account itself.

Mime
View raw message