httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] suEXEC question
Date Tue, 25 Oct 2005 20:25:15 GMT
On 10/25/05, Gordon Thagard <gordon@eng.fsu.edu> wrote:

> After reading the security checks list it seems somewhat clear that only
> the apache (perhaps the "nobody" user, as that's how I've set mine) user
> can execute cgi or PHP code. I want users to be able to authenticate and
> then be able to:
>
> a. change passwords
> b. turn off/on vacation via /usr/local/bin/vacation
> c. turn off/on spam filtering via adding/removing a pre-written
> .mailfilter file into/out of the user's home directory
>
> Is this possible via the User directories usage description above or is
> there another way or no way using Apache?

No, this is not a good usage of suexec.  You would need to put cgi
scripts in each users home directory to make it work.

You should look into sudo, but be very careful.  Allowing access to
regular accounts over the web is a good way to compromise your server.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message