Enable suEXEC
2016/06/13 |
Normally, a process owner of CGI performing is the Apache admin user,
but it's possible to perform CGI scripts with other userID as process owner to enable suEXEC function.
|
|
[1] | Enable suEXEC. |
root@www:~#
root@www:~# apt-get -y install apache2-suexec-custom a2enmod suexec Enabling module suexec. To activate the new configuration, you need to run: service apache2 restartroot@www:~# systemctl restart apache2
|
[2] | For example, Configure suEXEC settings with a user "ubuntu" like follows. The environment of virtualhost of this example is the same with here. |
root@www:~#
vi /etc/apache2/suexec/www-data # add to the head of a file: the directory for enabling suEXEC
/home/ubuntu/public_html /var/www public_html/cgi-bin
root@www:~#
vi /etc/apache2/sites-enabled/virtual.host.conf <VirtualHost *:80> ServerName www.virtual.host ServerAdmin webmaster@virtual.host DocumentRoot /home/ubuntu/public_html ErrorLog /var/log/apache2/virtual.host.error.log CustomLog /var/log/apache2/virtual.host.access.log combined LogLevel warn # set "ubuntu" user for suEXEC SuexecUserGroup ubuntu ubuntu <Directory "/home/ubuntu/public_html"> Options +ExecCGI AddHandler cgi-script .cgi .pl </Directory> </VirtualHost>root@www:~# systemctl restart apache2
|
[3] | Create a test script which has 700 permission with the user "ubuntu" and make sure it works normally. |
ubuntu@www:~$
vi ~/public_html/suexec.cgi #!/usr/bin/perl print "Content-type: text/html\n\n"; print "<html>\n<body>\n"; print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n"; print "suEXEC Test Page"; print "\n</div>\n"; print "</body>\n</html>\n"; chmod 700 ~/public_html/suexec.cgi |