Apache suEXEC is a feature of the Apache web server. It allows users to run Common Gateway Interface (CGI) and Server Side Includes (SSI) applications as a different user. Normally, all web server processes run as the default web server user (often wwwrun, www-data, apache or nobody). The suEXEC feature consists of a module for the web server and a binary executable which acts as a wrapper. suEXEC was introduced in Apache 1.2 and is often included in the default Apache package provided by most Linux distributions.
If a client requests a CGI and suEXEC is activated, the web server calls the suEXEC binary, which then wraps the CGI script and executes it under the user account of the server process (virtual host) defined in the virtual host directive.
Additionally, suEXEC performs a multi-step check on the executed CGI to ensure security for the server (including path checks, a limit of permitted commands, etc.). [apache.org - suEXEC Support]
Example
User "Alice" has a website including some Common Gateway Interface script files in her own public_html (a common web root directory name) folder, which can be accessed by https://example.com/~alice.
User "Bob" now views Alice's webpage, which requires Apache to run one of these CGI scripts.
Instead of running all scripts as "wwwrun" (which would require every script to be readable and executable for the "wwwrun" group if the file is owned by that group, or for all users otherwise), the scripts in /home/alice/public_html will be wrapped using suEXEC and run with Alice's user ID. This results in higher security and eliminates the need to make the scripts readable and executable for all users or everyone in the "wwwrun" group; instead, only Alice herself needs to be able to run the script.
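The multi-step check and the ownership point in the example above can be modelled as a pre-deployment audit. The Python function below is an added example, not part of the original article and not Apache's code; it covers only a subset of the checks listed in the Apache suEXEC documentation, and the name `suexec_style_precheck` and the usage path are assumptions.

```python
import os
import stat


def suexec_style_precheck(docroot, rel_path, target_uid, target_gid):
    """Model a subset of suEXEC-style checks; return a list of failure reasons.

    Hypothetical audit helper. It does not reproduce the real wrapper's
    complete check list or its exact path-matching rules.
    """
    # Path check: the script path must be relative and free of '..' components.
    if rel_path.startswith("/") or ".." in rel_path.split("/"):
        return ["path is absolute or contains a '..' back-reference"]

    script = os.path.join(docroot, rel_path)
    try:
        dir_st = os.stat(os.path.dirname(script))
        file_st = os.lstat(script)  # lstat: do not follow a symlink
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]

    problems = []
    others_write = stat.S_IWGRP | stat.S_IWOTH
    if dir_st.st_mode & others_write:
        problems.append("directory is writable by group or others")
    if not stat.S_ISREG(file_st.st_mode):
        problems.append("script is not a regular file")
    if file_st.st_mode & others_write:
        problems.append("script is writable by group or others")
    if file_st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    if (file_st.st_uid, file_st.st_gid) != (target_uid, target_gid):
        problems.append("script owner/group differs from the target user/group")
    # Only the owner needs execute permission, as in the Alice example.
    if not file_st.st_mode & stat.S_IXUSR:
        problems.append("script is not executable by its owner")
    return problems


if __name__ == "__main__":
    import pwd
    import sys
    # Constructed usage: python precheck.py /home/alice/public_html hello.cgi alice
    docroot, rel_path, user = sys.argv[1:4]
    pw = pwd.getpwnam(user)
    for reason in suexec_style_precheck(docroot, rel_path, pw.pw_uid, pw.pw_gid):
        print("FAIL:", reason)
```

A script with mode 0700 owned by the target user in a directory that only its owner can write to returns an empty list; loosening either mode or changing the owner produces the corresponding reason.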