httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Thagard <>
Subject Re: [users@httpd] suEXEC question
Date Wed, 26 Oct 2005 17:12:11 GMT
I see your point regarding sudo. This opens up a can of security-related 
worms. Could anyone suggest a safe, reliable way to authenticate users 
via Apache and then execute code as the user to do things like:

* change passwords
* turn off/on vacation


Joshua Slive wrote:

>On 10/25/05, Gordon Thagard <> wrote:
>>After reading the security checks list it seems somewhat clear that only
>>the apache (perhaps the "nobody" user, as that's how I've set mine) user
>>can execute cgi or PHP code. I want users to be able to authenticate and
>>then be able to:
>>a. change passwords
>>b. turn off/on vacation via /usr/local/bin/vacation
>>c. turn off/on spam filtering via adding/removing a pre-written
>>.mailfilter file into/out of the user's home directory
>>Is this possible via the User directories usage description above or is
>>there another way or no way using Apache?
>No, this is not a good usage of suexec.  You would need to put cgi
>scripts in each users home directory to make it work.
>You should look into sudo, but be very careful.  Allowing access to
>regular accounts over the web is a good way to compromise your server.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message