[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: suEXEC



Miner
can you tell me how i can do this with root user power??

2008/8/12 Miner, Jonathan W (US SSA) <jonathan w miner baesystems com>

> Joy -
>
> I understand what you're trying to do.  I was just proposing a slightly
> different security architecture. Just another way to look at the problem...
> Running processes as "root" should be a last resort, if there is no other
> way to perform the task.
>
> - Jon
>
>
> -----Original Message-----
> From:   redhat-list-bounces redhat com on behalf of Joy Methew
> Sent:   Tue 8/12/2008 9:28 AM
> To:     General Red Hat Linux discussion list
> Cc:
> Subject:        Re: suEXEC
>
> Apache default to running as the user apache.
> This is safe and effective strategy for mostly static website,but many
> dynamic website have CGI scripts that need more privileges.For example,a
> script may need to write to a file,or access a database as a user other
> than
> apache.
> so here i want to use root user.
>
> 2008/8/12 Miner, Jonathan W (US SSA) <jonathan w miner baesystems com>
>
> >
> > The way I have always accomplished this is by splitting the task into two
> > parts.  First, use the web interface to create a simple text file (or
> > database) of work to be done.  Second, use a cron job, running with
> > appropriate permissions, to read the text file, (or database) and perform
> > the work, and notify the original requester.
> >
> > The downside is that the work is done asynchronously.
> >
> > On the plus side, you don't need to run the webserver with elevated
> > permissions.
> >
> > -----Original Message-----
> > From:   redhat-list-bounces redhat com on behalf of Joy Methew
> > Sent:   Tue 8/12/2008 8:59 AM
> > To:     General Red Hat Linux discussion list
> > Cc:
> > Subject:        Re: suEXEC
> >
> > i have told already i am not using both together.
> >
> > On Tue, Aug 12, 2008 at 5:41 PM, Broekman, Maarten <
> > Maarten Broekman fmr com
> > > wrote:
> >
> > > By having the two virtual hosts, Apache will use the first matching
> > > entry.  This means that it will never use the second virtual host
> entry.
> > > You either need to comment out the first entry or change it.
> > >
> > > Also, check the Apache documentation (http://httpd.apache.org/docs/).
> > >
> > > Maarten
> > >
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces redhat com
> > > [mailto:redhat-list-bounces redhat com] On Behalf Of Joy Methew
> > > Sent: Tuesday, August 12, 2008 8:08 AM
> > > To: General Red Hat Linux discussion list
> > > Subject: suEXEC
> > >
> > > scrpit.sh.....
> > >
> > > #!/bin/bash
> > > echo Content-type: text/html
> > > echo
> > > whoami
> > > echo '<br><br>'
> > > id || echo "Will not work with SELinux."
> > > echo '<br>'
> > >
> > > first virtual hosting is showing username cgiuser but second virtual
> > > hostinf
> > > is blank answer.
> > > i waan it show username root.
> > > i m not doing this virtual hosting together.
> > > this virtual hosting only for testing purpose.
> > > chown cgiuser.cgiuser /var/www/virtual/cgi-bin/
> > > chmod 755 /var/www/virtual/cgi-bin/
> > > chmod 755 /var/www/virtual/cgi-bin/script.sh
> > >
> > > <VirtualHost 192.168.1.4:80>
> > >     DocumentRoot /var/www/html
> > >     ServerName 192.168.1.4
> > >     ScriptAlias /cgi-bin/ /var/www/virtual/cgi-bin/
> > >     SuexecUserGroup cgiuser cgiuser
> > > </VirtualHost>
> > >
> > > <VirtualHost 192.168.1.4:80>
> > >     DocumentRoot /var/www/html
> > >     ServerName 192.168.1.4
> > >     ScriptAlias /root-cgi-bin/ /var/www/virtual/root-cgi-bin/
> > >     SuexecUserGroup root root
> > > </VirtualHost>
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]