httpd-users mailing list archives

From Gordon Thagard <gor...@eng.fsu.edu>
Subject Re: [users@httpd] suEXEC question
Date Wed, 26 Oct 2005 17:12:11 GMT
I see your point regarding sudo. This opens up a can of security-related 
worms. Could anyone suggest a safe, reliable way to authenticate users 
via Apache and then execute code as the user to do things like:

* change passwords
* turn off/on vacation

Regards,

Joshua Slive wrote:

>On 10/25/05, Gordon Thagard <gordon@eng.fsu.edu> wrote:
>
>>After reading the security checks list it seems somewhat clear that only
>>the apache (perhaps the "nobody" user, as that's how I've set mine) user
>>can execute CGI or PHP code. I want users to be able to authenticate and
>>then be able to:
>>
>>a. change passwords
>>b. turn off/on vacation via /usr/local/bin/vacation
>>c. turn off/on spam filtering via adding/removing a pre-written
>>.mailfilter file into/out of the user's home directory
>>
>>Is this possible via the User directories usage description above or is
>>there another way or no way using Apache?
>
>No, this is not a good usage of suexec.  You would need to put CGI
>scripts in each user's home directory to make it work.
>
>You should look into sudo, but be very careful.  Allowing access to
>regular accounts over the web is a good way to compromise your server.
>
>Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
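
One way to keep the sudo route discussed above narrow, as an added example that is not part of the original thread: a single helper for the `.mailfilter` toggle, plus the username check the CGI would apply first. The helper path, the template path, the `sudo -H -u` invocation and the on/off interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed, not from the thread).
# Assumed deployment: the CGI runs as the Apache user and calls
#   sudo -H -u "$REMOTE_USER" /usr/local/sbin/mailfilter-toggle on|off
# with one sudoers rule permitting only this helper (path is hypothetical).
LC_ALL=C; export LC_ALL
TEMPLATE="${TEMPLATE:-/usr/local/etc/mailfilter.default}"   # hypothetical path

# CGI side: vet the authenticated name before it reaches the sudo command line.
# Rejects empty names, option-like names, and anything outside [a-z0-9_-].
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Helper side: toggle_mailfilter HOME_DIR on|off
# Returns 0 on success, 2 for an unknown action, 3 for an unsafe target.
toggle_mailfilter() {
    home=$1; action=$2; target="$home/.mailfilter"
    [ -d "$home" ] && [ ! -L "$home" ] || return 3
    # Only ever replace or delete a regular file, never a symlink or directory.
    if [ -L "$target" ] || { [ -e "$target" ] && [ ! -f "$target" ]; }; then
        return 3
    fi
    case "$action" in
        on)
            # Write to a fresh temp file, then rename over the target.
            tmp=$(mktemp "$home/.mailfilter.XXXXXX") || return 3
            if cat "$TEMPLATE" > "$tmp" && mv -f "$tmp" "$target"; then
                return 0
            fi
            rm -f "$tmp"; return 3 ;;
        off) rm -f "$target" ;;
        *) return 2 ;;
    esac
}

# Run only when arguments are given: the action comes from a fixed set.
if [ "$#" -gt 0 ]; then
    toggle_mailfilter "$HOME" "$1"
    exit $?
fi
```

The web request never supplies a path or a command, only an authenticated name and one of two fixed actions, so a compromised CGI can do no more through sudo than flip this one file for an existing account.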
