You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Christian Ehlers <eh...@gmxpro.de> on 2005/05/05 01:27:37 UTC

[users@httpd] Securing cgi (suexec or another solution?)

Hello,

 

I have a question about securing my cgi scripts with suexec.

 

I have successfully setup my apache2 (V.: 2.0.52) with suexec.

 

I am trying to accomplish the following goals:

 

The cgi script should NOT:

   run as the apache user.

   be able to write to itself.

   be able to create files within it's directory.

   be able to write to other cgi scripts in the same directory.

 

 

Unfortunately, suexec seems to require the directory and the cgi to be
executed to be belonging to the user/group that executes it.

 

Is there any way to have suexec not check if the directory/program belongs
to them?

 

I'd prefer to have my script owned by root and running under a normal user
that is not the apache user.  Is there any way to accomplish this with
either suexec or another solution?

 

Thanks for any help.

 

Regards,

 

 Chris