|
Enable suEXEC
2011/05/04 |
| Normally executing user for CGI is Apache's user, but it's possible to execute CGI with other users by using suEXEC. |
|
| [1] | Enable suEXEC |
|
root@www:~# aptitude -y install apache2-suexec-custom root@www:~# a2enmod suexec Enabling module suexec. Run '/etc/init.d/apache2 restart' to activate new configuration! |
| [2] | For example, configure to enable suEXEC under a directory "narwhal". |
|
root@www:~# vi /etc/apache2/suexec/www-data # add at the head: write directories you'd like to enable suEXEC /home/narwhal/public_html /var/www public_html/cgi-bin root@www:~# vi /etc/apache2/sites-enabled/virtual.host <VirtualHost *:80> ServerName www.virtual.host ServerAdmin webmaster@virtual.host DocumentRoot /home/narwhal/public_html ErrorLog /var/log/apache2/virtual.host.error.log CustomLog /var/log/apache2/virtual.host.access.log combined LogLevel warn # add: let narwhal a executing user SuexecUserGroup narwhal narwhal </VirtualHost> root@www05:~# /etc/init.d/apache2 restart * Restarting web server apache2 ... waiting ...done. |
| [3] | Make sure a test page is shown normally with changing parmission to 700. |
|
narwhal@www:~$ cd public_html narwhal@www:~/public_html$ vi suexec.cgi #!/usr/local/bin/perl print "Content-type: text/html\n\n"; print <<"EOM"; <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> suEXEC Test Page </div> </body> </html> EOM exit; narwhal@www:~/public_html$ chmod 700 suexec.cgi |
|