perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Horne" <Dan.Ho...@MeridianEnergy.co.nz>
Subject Running scripts as OS user other than apache/nobody
Date Thu, 20 Aug 2009 02:53:21 GMT
Hi
 
I have a need to run various CGI scripts as different OS users, perhaps
by Apache directory or via Apache virtual hosts. This isn't for security
reasons, but because we need to interact with different OS environments
via a web interface, and each environment will require a different OS
user. I should point out that this is on a departmental, low volume
server. Only our team has access to the server - via the web interface
or via ssh. We're using Apache on Redhat 5.3. Due to our support
contract, we must use the vendor's HTTP server rather than compile from
source.
 
The solution I tried used suexec. But it does things like sanitise the
environment, including variables I need like ORACLE_HOME and ORACLE_SID.
And since mod_perl is bundled with Redhat Apache, I figure that maybe it
would be possible to write an mp handler that does a similar job to
suexec but without all the security features I guess suexec includes for
shared hosts and public websites.
 
So my next is - how do I do this? If I simply set my euid within the
handler, won't I effectively be changing the uid of the httpd process?
So could I save my uid, change it to when the CGI script is being
executed, and then change it back again? Advice appreciated.
 
Thanks
 
Dan
 
 

Attention:

This email together with any attachments is confidential. 
If you are not the intended recipient please delete the
 message and notify the sender. Any views or opinions 
presented are solely those of the author and will not 
necessarily reflect the views of Meridian Energy.

************** PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING *************

Mime
View raw message