Bug#499191: apache2-suexec-custom: Allow execution of programs owned by root
I'm using apache2 together with fastcgi, suexec and php. To configure php I'm using a wrapper script to set PHPRC, which then exec's php itself.
I don't want users to set their own PHPRC, so they could modify the php.ini for their site. This means users shouldn't be able
to write to the wrapper script. The problem is that suexec requires the wrapper script to be owned by the user it should be executed as, which means
the user could modify this script.
The same problem occurs when you want to provide some cgi scripts for your users in a central location. Suexec requires them to be owned by the user
it should be executed as. Usually these shared cgi scripts are owned by root, or another account which is 'trusted'.
So the actual item for the wishlist is to be able to specify a user (or more than one) that are considered trusted. Suexec will then allow files
owned by either the target user, or by a trusted user, to be executed.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/bash