Systems Status

Announce? RSS Feed RSS

Blog?RSS Feed RSS

Help Topics

Deschutes Facilities

Campus Facilities

User Account Info

Roundcube Mail

Contact Systems

ipv6 ready

Misc

suEXEC - Running CGI with your UserID

To write your own cgi programs or scripts you must be aware of the suexec module which places tighter controls on user cgi programs. The suexec module, as it comes with the apache web server, has stricter requirements than are useful on our systems. So, remember our requirements differ from ones you'll find on the web.

The suexec module executes .cgi and .php scripts using your account, rather than that of the apache process. This allows you do read and write files that are accessible to you, while providing protection from non-authorized access by other users and web processes. The suexec module also any output from your script to stderr in your personal error log in ix:/var/log/apache2/userlogs/.

Any page ending in .cgi or .php will be executed using the suexec module. Likewise any script (of any extension) that exists in a directory, under your public_html directory, called either htbin, or cgi-bin.

Since the suexec module allows scripts to be run using your login information, it takes steps to ensure that the script is as written by you. It does this by restricting who has write access to the file (and the directory in which it lives.) Here are the restrictions (as they differ from standard suexec):

  • Your htbin or cgi-bin directory must be world executable, and not world writable. Suggestions are 755 or 775 (if necessary).
  • Your cgi program must be executable by you (or its group) and not be world writable.
  • Your cgi program must have suffix .cgi (or .php to be executed by /usr/local/bin/php.)
  • The directory must be owned by you and the group that you want to be allow to create scripts. Outside of research group and class pages, this will normally be your primary group, which is the same as your login group.

If the protections or ownership of the directory or program are wrong suexec will fail to execute your program.

Test your program from the command line before trying to execute it through the server. If you have errors when you try to execute the program through the server, consult the file ix:/var/log/apache2/userlogs/username.errlog for messages pertaining to your failed script. If all goes well, the suexec wrapper will run your script program as you, instead of as the apache user.

See Also

External Links
Edited: November 19, 2013, at 01:17 pm
Copyright © 2024, University of Oregon, All rights reserved
Privacy Policy