httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Question about suexec
Date Fri, 15 Sep 2006 18:31:01 GMT
On 9/14/06, Yves Dorfsman <yves@zioup.com> wrote:
>
>
> Anybody has any idea if it's possible to do something like:
>
> SuexecUserGroup $REMOTE_USER agroup
>
> What I'm trying to do, is have the CGIs executed with the uid of the
> authenticating user, but everybody will be using the same script, and the
> same URL.
>
> I've googled for it, and there are hints that people are doing this out
> there, but no example of configuration (the one above is of course
> completely invalid). On one page one guy's saying that he re-wrote su-exec
> to be able to do all sort of things... but I really want to stay as close to
> vanilla as possible.

No, this is not possible and not wise.  You would need to strip away
the most important security protections of suexec to do this.

If you really need this, look into sudo, which could be used in
conjunction with suexec or in an ordinary cgi script.  But watch out.
You could easily create massive security wholes if you don't know what
you are doing.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message