httpd-users mailing list archives

From Lee Fellows <lfell...@4lane.com>
Subject Re: file's permissions in cgi
Date Wed, 03 Jul 2002 15:40:53 GMT
On Wed, 2002-07-03 at 09:20, Mauricio wrote:
> Lee, my doubt is, do I have to create a user called www, chown my cgi
> to user www, and run apache as user www?
> And, how do I run apache as www? Do I need to change my user nobody group
> nobody to user www?
> I need help about it.
> Thanks in advance.
> 
> Mauricio.
> 
> ----- Original Message -----
> From: "Lee Fellows" <lfellows@4lane.com>
> To: <users@httpd.apache.org>
> Sent: Wednesday, July 03, 2002 9:07 AM
> Subject: Re: file's permissions in cgi
> 
> 
> > On Tue, 2002-07-02 at 16:56, Mauricio wrote:
> > > Hi for all.
> > > When a user runs a cgi, he executes as "others".
> > > Then I have a file .cgi with the permissions:
> > > r_xr_xr_x
> > > The problem is that any user that logs in to the server using telnet can
> > > execute this file.
> > > Can anyone help me?
> > >
> > > Mauricio
> > > +55 - (041) - 219-5246
> > > mandrade@pr.gov.br
> >
> > Hi Mauricio,
> >
> >   What exactly is the concern?  Whether they can execute it from
> > a browser, or from the command line, would seem irrelevant.
> >
> >   You say they are executing it as the group 'others'?  Not in a usual
> > apache installation.  Normally apache would execute it as its user
> > or group which varies from installation to installation, but user nobody
> > and group nobody are common.
> >

Hi Mauricio,

  What are User and Group set to in your httpd.conf file?

  The user/group that apache runs as is determined by the values
  you have set here, provided such a user/group exists on the system.

  CGIs do not need to be 'owned' by the apache user/group to be
  executable by apache.  If the apache user/group do not match the
  cgi's user/group values, but the cgi's file attributes include execute
  permission for everyone, then apache can run it.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
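
The permission rule described in the reply above, as an added example that is not part of the original thread: it reads `User`/`Group` from a constructed httpd.conf excerpt and applies the Unix owner/group/other check to two modes. It goes one step beyond the reply by also showing mode 0550 with the file's group set to the server's group, which keeps the CGI runnable by the server but not by other local accounts; the account and group names `mauricio`, `staff`, `shelluser` and `users` are hypothetical.

```python
import stat

# Constructed httpd.conf excerpt (not taken from the thread).
SAMPLE_CONF = """\
# run the server children as an unprivileged account
User nobody
Group nobody
"""

def server_identity(conf_text):
    """Return the (User, Group) directive values found in httpd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split()
        # Apache comments are whole lines whose first character is '#'.
        if len(parts) == 2 and not parts[0].startswith("#"):
            if parts[0].lower() in ("user", "group"):
                found[parts[0].lower()] = parts[1]
    return found.get("user"), found.get("group")

def exec_class(file_owner, file_group, user, groups):
    """Which permission triplet the kernel consults for this account."""
    if user == file_owner:
        return "owner"
    if file_group in groups:
        return "group"
    return "other"

def can_execute(mode, file_owner, file_group, user, groups):
    """Exactly one triplet is checked; root's bypass is not modelled."""
    bit = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}
    return bool(mode & bit[exec_class(file_owner, file_group, user, groups)])

def report(mode, file_owner, file_group, accounts):
    """Map each account name to whether it may execute the file."""
    return {name: can_execute(mode, file_owner, file_group, name, groups)
            for name, groups in accounts.items()}

if __name__ == "__main__":
    user, group = server_identity(SAMPLE_CONF)
    # Hypothetical accounts: the server account and an ordinary shell login.
    accounts = {user: {group}, "shelluser": {"users"}}
    # r-xr-xr-x, owner/group unrelated to the server: everyone runs it via "other".
    print(report(0o555, "mauricio", "staff", accounts))
    # r-xr-x---, file group set to the server's group: only the server account runs it.
    print(report(0o550, "mauricio", group, accounts))
```
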