Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 775 invoked from network); 15 Sep 2006 18:32:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 15 Sep 2006 18:32:33 -0000 Received: (qmail 86019 invoked by uid 500); 15 Sep 2006 18:32:24 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 85745 invoked by uid 500); 15 Sep 2006 18:32:23 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 85734 invoked by uid 99); 15 Sep 2006 18:32:23 -0000 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of jslive@gmail.com designates 66.249.82.233 as permitted sender) Received: from [66.249.82.233] (HELO wx-out-0506.google.com) (66.249.82.233) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Sep 2006 11:32:22 -0700 Received: by wx-out-0506.google.com with SMTP id s19so3290584wxc for ; Fri, 15 Sep 2006 11:31:02 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=gkeYpTUjs6pT014HGU+OXKJmJ+JOADz31bMA8P9f/pJl+Lmo2PBsqMA0bQ/XFqolQDrapoGg3UaqrYBn9cx42/lOgoj2U2bQv6H5buJE2HfcsuvtlTx4PjhnQ8V+gOKubJiB3MHaIDLeu8ka5JTzP5KyqeIG3Qavgzi1xhsFwpA= Received: by 10.70.37.12 with SMTP id k12mr15157677wxk; Fri, 15 Sep 2006 11:31:02 -0700 (PDT) Received: by 10.70.45.7 with HTTP; Fri, 15 Sep 2006 11:31:01 -0700 (PDT) Message-ID: Date: Fri, 15 Sep 2006 14:31:01 -0400 From: "Joshua Slive" Sender: jslive@gmail.com To: users@httpd.apache.org In-Reply-To: <29543.142.56.86.23.1158263346.squirrel@moutarde.zioup.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <29543.142.56.86.23.1158263346.squirrel@moutarde.zioup.com> X-Google-Sender-Auth: fff2cb205ee8157a X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Question about suexec X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On 9/14/06, Yves Dorfsman wrote: > > > Anybody has any idea if it's possible to do something like: > > SuexecUserGroup $REMOTE_USER agroup > > What I'm trying to do, is have the CGIs executed with the uid of the > authenticating user, but everybody will be using the same script, and the > same URL. > > I've googled for it, and there are hints that people are doing this out > there, but no example of configuration (the one above is of course > completely invalid). On one page one guy's saying that he re-wrote su-exec > to be able to do all sort of things... but I really want to stay as close to > vanilla as possible. No, this is not possible and not wise. You would need to strip away the most important security protections of suexec to do this. If you really need this, look into sudo, which could be used in conjunction with suexec or in an ordinary cgi script. But watch out. You could easily create massive security wholes if you don't know what you are doing. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org