Debian 8 Jessie
Sponsored Link

Enable suEXEC
2015/06/03
 
Normally executing user for CGI is Apache's user, but it's possible to execute CGI with other users by using suEXEC.
[1] Enable suEXEC.
root@www:~#
aptitude -y install apache2-suexec-custom
root@www:~#
a2enmod suexec

Enabling module suexec.
To activate the new configuration, you need to run:
  service apache2 restart
[2] For example, configure to enable suEXEC under the directory "debian". The site settings is the one created in Virtual Hostings section.
root@www:~#
vi /etc/apache2/suexec/www-data
# add to the head of a file: the directory for suEXEC

/home/debian/public_html

/var/www
public_html/cgi-bin
root@www:~#
vi /etc/apache2/sites-available/virtual.host.conf
<VirtualHost *:80>
    ServerName www.virtual.host
    ServerAdmin webmaster@virtual.host
    DocumentRoot /home/debian/public_html
    ErrorLog /var/log/apache2/virtual.host.error.log
    CustomLog /var/log/apache2/virtual.host.access.log combined
    LogLevel warn
   
# add: let debian a executing user

   
SuexecUserGroup debian debian

</VirtualHost>
root@www:~#
systemctl restart apache2
[3] Make sure a test page is shown normally with changing parmission to 700.
debian@www:~$
mkdir public_html

debian@www:~$
chmod 755 public_html

debian@www:~$
vi public_html/suexec.cgi
#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "suEXEC Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";

debian@www:~$
chmod 700 public_html/suexec.cgi

 
Tweet