Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Suexec solution
Top Forums UNIX for Dummies Questions & Answers Suexec solution Post 60164 by Neo on Tuesday 11th of January 2005 11:11:54 PM
Old 01-12-2005
Reference:

http://lists.evolt.org/archive/Week-...14/145126.html

Quote:
SuExec scenario:
If suExec is running, Perl runs as the owner of the script and gets it's permissions from the target file's owner bit (rw - -). Assuming that the script and the target file are owned by the domain user, that allows Perl the security of being able to write to the target file while not setting the world bit to a level allowing others to write to it. Problem: PHP still needs world write permission to write to target files and that allows both PHP and Perl in other domains permission to also write to the target file.
 

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

apache suexec

I compiled apache 1.3.33 with suexec support like ./configure \ "--with-layout=Apache" \ "--prefix=/usr/local/apache" \ "--enable-module=ssl" \ "--activate-module=src/modules/php4/libphp4.a" \ "--activate-module=src/modules/perl/libperl.a" \ "--enable-module=perl" \ "--enable-module=most"... (0 Replies)
Discussion started by: hassan1
0 Replies

2. UNIX for Advanced & Expert Users

suexec problem

Hi all, I am trying to setup apache w/ suexec to avoid permission problems w/ apache user and website user and also to be able to run a second (test) domain on the same server. So far I got fcgi w/o suexec running perfectly (logs confirm that). But as soon as I enable the suexec statement in the... (0 Replies)
Discussion started by: harrstar
0 Replies

3. UNIX for Dummies Questions & Answers

How to use Suexec with Apache2 ?

Hello guys I'm trying to use Suexec in my computer. I've installed apache with default settings (so Suexec is installed with my emerge Apache , Gentoo) . My settings on /etc/conf.d/apache2 # SUEXEC Enables running CGI scripts (in USERDIR) through suexec. # USERDIR Enables /~username... (1 Reply)
Discussion started by: kernings
1 Replies

4. Shell Programming and Scripting

SUEXEC with passwordless option

Hi, I am using the below command in suexec -u webuser /local/Tomcat7//0/tc7u/tomcat7.sh status But it prompts for the password of executing user. Let me know if any options available for passwordless or supplying password in script. (0 Replies)
Discussion started by: pravinbtech
0 Replies

LEARN ABOUT ULTRIX

mkproto

mkproto(8)							    Unsupported 							mkproto(8)

Name
       mkproto - construct a prototype file system

Syntax
       /etc/mkproto special proto

Description
       The  command  is used to bootstrap a new file system.  First a new file system is created using The command is then used to copy files from
       the old file system into the new file system according to the directions found in the prototype file proto.  The  prototype  file  contains
       tokens  separated by spaces or new lines.  The first tokens comprise the specification for the root directory.  File specifications consist
       of tokens giving the mode, the user-id, the group id, and the initial contents of the file.  The syntax of the contents	field  depends	on
       the mode.

       The mode token for a file is a 6 character string.  The first character specifies the type of the file.	(The characters -bcd specify regu-
       lar, block special, character special and directory files respectively.)  The second character of the type is either u or - to specify set-
       user-id	mode or not.  The third is g or - for the set-group-id mode.  The rest of the mode is a three digit octal number giving the owner,
       group, and other read, write, execute permissions.  See

       Two decimal number tokens come after the mode; they specify the user and group ID's of the owner of the file.

       If the file is a regular file, the next token is a pathname whence the contents and size are copied.

       If the file is a block or character special file, two decimal number tokens follow which give the major and minor device numbers.

       If the file is a directory, makes the entries .	and ..	and then reads a list of names	and  (recursively)  file  specifications  for  the
       entries in the directory.  The scan is terminated with the token $.

       A sample prototype specification follows:

       d--777 3 1
       usr  d--777 3 1
	    sh	 ---755 3 1 /bin/sh
	    ken  d--755 6 1
		 $
	    b0	 b--644 3 1 0 0
	    c0	 c--644 3 1 0 0
	    $
       $

Restrictions
       You can only run on virgin file systems.  It should be possible to copy files into existent file systems.

See Also
       dir(5), fs(5), fsck(8), newfs(8)

																	mkproto(8)
All times are GMT -4. The time now is 07:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy