Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: user cgi-bin configuration
- To: tlug@example.com
- Subject: Re: user cgi-bin configuration
- From: Jake Morrison <jacob.morrison@example.com>
- Date: Thu, 07 Sep 2000 16:02:36 +0800
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=iso-2022-jp
- Organization: Syntegra
- References: <E13WusY-00041x-00@example.com>
- Reply-To: tlug@example.com
- Resent-From: tlug@example.com
- Resent-Message-ID: <6AJL9C.A.j0E.uy0t5@example.com>
- Resent-Sender: tlug-request@example.com
- Sender: jacob.morrison@example.com
Uli, ulrike@example.com wrote: > > > This is generally considered dangerous to do, as the CGI programs run under > > the apache user account. It is also easy for a user to accidentally compromise > > system security with their CGI program. Or it may be possible to affect other > > users CGIs or associated files. > > I see. Actually I wanted to install CGIWrap since the script failed with > "Premature end of script headers", the error logs did not contain any useful > information, and the last time I had this problem someone recommended to run > CGIWrap in debugging mode to see where the script fails. The documentation for > CGIWrap instructions for setup for users said: > > "If you do not already have a cgi-bin directory set up, create one: > > cd ~joe > mkdir public_html > mkdir public_html/cgi-bin > " > > Not that I have installed CGIWrap succesfully yet ... I vaguely remember there > was a perl module or something that helped with debugging, guess I have to go > and read the idiots guide to Perl CGI-programming et al. ... > > > You might want to have a look at Apache's suEXEC support, which can run > > the CGI under the account of the user who owns it. > > This seems to be already installed according to the error.log, but I was a > little alarmed by: > > " ...that the Apache Group hopes to limit suEXEC installation only to those who > are careful and determined enough to use it." > (http://www.apache.org/docs/suexec.html) > > I am a fairly ignorant user, currently the only on my machine who can screw > something up, and actually am spending too much time with setting up software > instead of writing the programs I need for my research, but I guess I have no > choice. But that is one of my favorite forms of procrastination :-). If you can trust the people who would be running the CGIs, you could just use the standard CGI directory. That is easy enough to set up. I typically run apache with user apache, group apache. Then you can use group permissions to control access to the cgi-bin directory. If you can't trust the people to write the CGIs properly (and behave properly), then you probably need to run suEXEC. I haven't run it myself, though, so I can't give you any pointers. You might give some more details about your configuration. > > Uli > Regards, Jake
- References:
- Re: user cgi-bin configuration
- From: ulrike@example.com
- Re: user cgi-bin configuration
- Prev by Date: Re: PCMCIA Card Not Working in OpenLinux 2.3
- Next by Date: Re: HUP Signal: restart now -> syntax?
- Prev by thread: Re: user cgi-bin configuration
- Next by thread: Re: user cgi-bin configuration
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |