> -----BEGIN PGP SIGNED MESSAGE-----
>
> My question pertains to dedicating a user to webmaster to allow the user
> to create and maintain cgi scripts.
>
> First, do cgi scripts get run by www-data?
>
> When apache (or I assume any web server following the new web standard) is
> installed, it creates the directory /usr/lib/cgi-bin (if it wasn't there
> already) with the directory cgi-bin belonging to root:root and permission
> 755 (which is what the policy manual dictates).
>
> What do I need to do to dedicate a user to be webmaster and to be able to
> write cgi-scripts? I thought I would just need to add that user to group
> www-data. However, the user would still not be able to write to
> /usr/lib/cgi-bin. Obviously, I could just change the permissions from 755
> to 775 but I thought I would ask in case this is a security risk. If this
> is correct, should it be set up that way in the first place? Am I missing
> anything?
>
> Cheers, Colin.

You could use 'chown' to change the user of the /usr/lib/cgi-bin directory to be the user that will be running the cgi scripts. Another alternative may be to change the ScriptAlias directive in the apache configuration files to point at a cgi-bin directory that the user owns. Or you may want to use a group to allow a number of different people to create the cgi files.

Changing the permissions is ok, as long as you restrict access to only the www-data group (or whatever group is appropriate).

The scripts will be run as whatever the 'User' directive in the apache configuration files is set to.

Cheers,
- Jim
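The group-based option from the reply above, as an added example that is not part of the original thread: one function gives a group write access to a cgi-bin directory, and a second audits that the directory belongs to that group, is group-writable, and contains nothing writable by "other". The function names `setup_cgi_dir` and `audit_cgi_dir` are hypothetical, and GNU find (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Assumes GNU find and that the caller is allowed to chgrp DIR to GROUP.
# Typical use as root, with the path and group named in the thread:
#   setup_cgi_dir /usr/lib/cgi-bin www-data && audit_cgi_dir /usr/lib/cgi-bin www-data

# Give GROUP write access to DIR. The setgid bit makes new scripts inherit GROUP.
setup_cgi_dir() {
    dir=$1; group=$2
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" || return 1
    chmod 2775 "$dir"    # rwxrwsr-x: owner and group write, others read/execute only
}

# Return 0 only if DIR belongs to GROUP (name or numeric gid), is group-writable,
# and neither DIR nor anything below it is writable by "other".
audit_cgi_dir() {
    dir=$1; group=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    if [ -z "$(find "$dir" -maxdepth 0 -group "$group")" ]; then
        echo "FAIL: $dir is not owned by group $group"; rc=1
    fi
    if [ -z "$(find "$dir" -maxdepth 0 -perm -0020)" ]; then
        echo "FAIL: $dir is not group-writable"; rc=1
    fi
    # A world-writable entry lets any local account change code the server runs.
    # Symlinks are skipped because their own mode bits are always 777.
    bad=$(find "$dir" ! -type l -perm -0002)
    if [ -n "$bad" ]; then
        echo "FAIL: world-writable entries:"; echo "$bad"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}
```

Membership of the group then decides who can install scripts, so the audit is only as strong as the group's member list.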