SuEXEC

Apache suEXEC is a feature of the Apache Web server. It allows users to run CGI and SSI applications as a different user; normally, all web server processes run as the default web server user (often wwwrun, apache or nobody). The suEXEC feature consists of a module for the web server and a binary executable which acts as a wrapper.

If a client requests a CGI script and suEXEC is activated, the server calls the suEXEC binary, which wraps the CGI script and executes it under the user account defined in the virtual host directive for that server process (virtual host).

Additionally, suEXEC performs a multi-step check on the executed CGI to ensure security for the server (including path checks, a limit of permitted commands, etc.) [apache.org - suEXEC Support, http://httpd.apache.org/docs/2.2/suexec.html]

Example

User "alice" has a website including some CGI scripts in her own public_html folder, which can be accessed by http://server/~alice. Bob now wants to access some CGI script.

Without suEXEC, all scripts run as "wwwrun", so every script has to be readable and executable for the "wwwrun" group if the file is owned by that group, or for all users otherwise. With suEXEC, the scripts in /home/alice/public_html are wrapped and run with Alice's user ID. This gives higher security and eliminates the need to make the scripts readable and executable for all users or for everyone in the "wwwrun" group; only alice herself needs to be able to run the script.
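The permission model in the example above, together with the multi-step check mentioned earlier, as an added sketch (not code from Apache or from this article): a pre-flight audit that mirrors a subset of the ownership and permission tests described in the Apache suEXEC documentation. The function name `suexec_preflight` and the sample script are constructed for illustration.

```python
import os
import stat
import tempfile

def suexec_preflight(script, uid, gid):
    """Return reasons a suEXEC-style wrapper would refuse `script` (subset of checks)."""
    try:
        st = os.lstat(script)               # lstat: do not follow symlinks
    except OSError as exc:
        return [f"cannot stat script: {exc}"]
    if stat.S_ISLNK(st.st_mode):
        return ["script is a symbolic link"]
    problems = []
    d = os.stat(os.path.dirname(os.path.abspath(script)))
    if d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory is writable by group or others")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script is writable by group or others")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append("script is not owned by the target user and group")
    if not st.st_mode & stat.S_IXUSR:
        problems.append("script is not executable by its owner")
    return problems

def demo():
    """Constructed sample: one CGI script audited under three conditions."""
    with tempfile.TemporaryDirectory() as d:    # created with mode 0700
        cgi = os.path.join(d, "hello.cgi")
        with open(cgi, "w") as f:
            f.write("#!/bin/sh\necho 'Content-Type: text/plain'\necho\necho hi\n")
        own = os.stat(cgi)                      # file owner stands in for "alice"
        uid, gid = own.st_uid, own.st_gid
        os.chmod(cgi, 0o700)                    # only the owner can read or run it
        private = suexec_preflight(cgi, uid, gid)
        os.chmod(cgi, 0o777)                    # the loose mode suEXEC rejects
        loose = suexec_preflight(cgi, uid, gid)
        os.chmod(cgi, 0o700)
        wrong_owner = suexec_preflight(cgi, uid + 1, gid)  # configured user differs
    return private, loose, wrong_owner

if __name__ == "__main__":
    for label, result in zip(("0700", "0777", "owner mismatch"), demo()):
        print(label, "->", result or "ok")
```

A script at mode 0700 owned by the target user passes, which is the point of the Alice example: no group or world permissions are required.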

Notes

suEXEC was introduced in Apache 1.2. It is now often part of major distributions. A user can verify the configuration by calling suexec2 -V as root.



Wikimedia Foundation. 2010.
