httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <m...@catseye.org>
Subject Re: [users@httpd] Running cgi binaries as root
Date Tue, 24 Jan 2012 14:19:49 GMT
On January 24, 2012 9:00 , Tarzan Jane <lapierre62@hotmail.com> wrote:
> The scripts address IO-pins on the embedded system [...] If I run the 
> scripts as root in the /var/www/cgi-bin directory all is fine. But 
> when trying to run the scripts using Apache via a web page nothing 
> happens. This is because the scripts are run as www-data user and the 
> www-data user is not allowed to perform these actions. Suexec doesn't 
> work either because suexec expects ascii written cgi/php/pl script.

If you can grant the www-data user the right to address the IO pins, 
that is the best solution.  This way, the CGIs are given only the 
permissions they need, not superuser (root) permissions to do 
everything.  If, for example, the IO pins are addressed through device 
files, then you may be able to simply change the owner of the device 
files to www-data.

Otherwise, you can change the owner of the CGI binaries to be root and 
turn on the set-uid bit.  This way, when the CGI binaries are run they 
will be run as root.  https://en.wikipedia.org/wiki/Setuid    Since 
you've already said that you're aware of the security issues, I won't 
repeat any dire warnings here.

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message