SUEXEC(8) suexec SUEXEC(8)NAME
suexec - Switch user before executing external programs
SYNOPSIS
suexec -V
SUMMARY
suexec is used by the Apache HTTP Server to switch to another user before executing CGI programs. In order to achieve this, it must run as
root. Since the HTTP daemon normally doesn't run as root, the suexec executable needs the setuid bit set and must be owned by root. It
should never be writable for any other person than root.
For further information about the concepts and the security model of suexec please refer to the suexec documentation
(http://httpd.apache.org/docs/2.4/suexec.html).
OPTIONS -V If you are root, this option displays the compile options of suexec. For security reasons all configuration options are changeable
only at compile time.
Apache HTTP Server 2013-07-01 SUEXEC(8)
Check Out this Related Man Page
HTDIGEST(1) htdigest HTDIGEST(1)NAME
htdigest - manage user files for digest authentication
SYNOPSIS
htdigest [ -c ] passwdfile realm username
SUMMARY
htdigest is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users.
Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htdigest.
This manual page only lists the command line arguments. For details of the directives necessary to configure digest authentication in httpd
see the Apache manual, which is part of the Apache distribution or can be found at http://httpd.apache.org/.
OPTIONS -c Create the passwdfile. If passwdfile already exists, it is deleted first.
passwdfile
Name of the file to contain the username, realm and password. If -c is given, this file is created if it does not already exist, or
deleted and recreated if it does exist.
realm The realm name to which the user name belongs. See http://tools.ietf.org/html/rfc2617#section-3.2.1 for more details.
username
The user name to create or update in passwdfile. If username does not exist is this file, an entry is added. If it does exist, the
password is changed.
SECURITY CONSIDERATIONS
This program is not safe as a setuid executable. Do not make it setuid.
Apache HTTP Server 2012-07-19 HTDIGEST(1)
guys here's a section of my program written in perl. This part is used to create directories with 777 mode. Now i know about 777 being a security hole. Could anyone provide me a possible solution to this using suexec?????????
Segment
system mkdir ".$file_folder", 0777 or die "Can't make... (13 Replies)
Hello,
Is there anyway to prevent users from modifying limits imposed by php.ini configuration in a phpSuExec configured PHP installation??
For example in server with PHP running in a module, I use php_admin_* directives:
php_admin_value memory_limit 40M
And users can't modify them... (0 Replies)
Hi all,
I am trying to setup apache w/ suexec to avoid permission problems w/ apache user and website user and also to be able to run a second (test) domain on the same server.
So far I got fcgi w/o suexec running perfectly (logs confirm that). But as soon as I enable the suexec statement in the... (0 Replies)
Hello guys
I'm trying to use Suexec in my computer. I've installed apache with default settings (so Suexec is installed with my emerge Apache , Gentoo) .
My settings on /etc/conf.d/apache2
# SUEXEC Enables running CGI scripts (in USERDIR) through suexec.
# USERDIR Enables /~username... (1 Reply)
Hello.
Could you please suggest the ways, by which one can prevent PHP users from reading other webroots? So far I know two ways: Apache mod_suexec and suphp. But it seems, they both require running PHP as a CGI, right? In this case I will be unable to benefit from APC (php opcache). I am... (4 Replies)
Hi,
I am using the below command in
suexec -u webuser /local/Tomcat7//0/tc7u/tomcat7.sh status
But it prompts for the password of executing user.
Let me know if any options available for passwordless or supplying password in script. (0 Replies)