Re: cgi in webb apps location
On 06/29/2010 11:34 PM, Damyan Ivanov wrote:
It does, I have already done my first beta version like that, but actual
question here is do I really want to give execute permission to everybody?
Well, ok, everybody dont have write permissions, but isnt it better to
limit permissions only on Apache user on 0500 or 0700, or something like
root:www-data 0750 (ok, that can also include several users)?
-=| glaskoncILLa, Tue, Jun 29, 2010 at 10:37:39PM +0200 |=-
Example from my testing VM;
-rwxr--r-- 1 root root 2211 Jun 14 20:09
pointing browser on http://127.0.0.1/gestioip/index.cgi results with;
tail -n 2 /var/log/apache2/error.log
[Tue Jun 29 21:56:01 2010] [error] (13)Permission denied: exec of
[Tue Jun 29 21:56:01 2010] [error] [client 127.0.0.1] Premature end of
script headers: index.cgi, referer: http://127.0.0.1/gestioip/index.cgi
well, I think is obvious what is the issue here, root:root doesnt seems
as best choice.
root:root is fine. You just need to allow execution for everybody.
Change the permissions to 0755 (-rwxr-xr-x) and see if it helps.
I supose someone can use some security hole in Apache and do something
bad but still its only one user, instead of n possible ones..
So, from your expirience, whats the best pratice?
And, if changing ownership is a option, is /usr/share/PACKAGE the
best/allowed place for something like that?
I'm sory to bother you but I really want to do this as best as possible
and I'm asking it on perl mailing list because web apps policy refers to
perl policy for perl web apps and one guy from web reccomended this