Re: Setuid scripts with Apache?

To: Ted Cabeen <secabeen@pobox.com>
Cc: Marc Haber <debian-user.lists.debian.org@marc-haber.de>, Debian User List <debian-user@lists.debian.org>
Subject: Re: Setuid scripts with Apache?
From: Adam Shand <larry@alaska.net>
Date: Thu, 9 Mar 2000 12:44:46 -0900 (AKST)
Message-id: <[🔎] Pine.LNX.4.21.0003091242390.12278-100000@heyzeus.alaska.net>
In-reply-to: <[🔎] 200003091459.IAA21764@entropy.uchicago.edu>

> >>following error in my error.log: Can't do setuid

are you running under suexec?  that is the only apache security mechanism i
am aware of which restricts suid scripts/binaries.  if you are there is no
way around this, disable suexec.

> >Why don't you system() that perl script without the suid bit via sudo?

icky.  you would have to configure the user that apache runs as to have
nopasswd permissions to sudo.  not a good thought.

> That's a thought, but will it work?  It looks like apache isn't letting
> me execute a setuid root program (suidperl) in the CGI.  Since sudo is
> setuid as well won't I have the same problem?

and this, unless it's not an apache restriction but a kernel restriction on
suid scripts.

adam.

Reply to:

Follow-Ups:
- Re: Setuid scripts with Apache?
  - From: Ted Cabeen <secabeen@pobox.com>

References:
- Re: Setuid scripts with Apache?
  - From: Ted Cabeen <secabeen@pobox.com>

Prev by Date: Re: unzipping .exe files
Next by Date: Re: mailman auth
Previous by thread: Re: Setuid scripts with Apache?
Next by thread: Re: Setuid scripts with Apache?
Index(es):
- Date
- Thread