Apache suEXEC is a feature of the Apache web server. It allows users to run Common Gateway Interface (CGI) and Server Side Includes (SSI) applications as a different user. Normally, all web server processes run as the default web server user (often wwwrun, www-data, apache or nobody). The suEXEC feature consists of a module for the web server and a binary executable which acts as a wrapper. suEXEC was introduced in Apache 1.2 and is often included in the default Apache package provided by most Linux distributions. If a client requests a CGI and suEXEC is activated, the web server calls the suEXEC binary, which then wraps the CGI script and executes it under the user account of the server process (virtual host) defined in the virtual host directive. Additionally, suEXEC performs a multi-step check on the executed CGI to ensure security for the server (including path checks, a limit of permitted commands, etc.) (apache.org, "suEXEC Support").


Example

User "Alice" has a website that includes some Common Gateway Interface script files in her own public_html folder (a common web root directory name), which can be accessed at https://example.com/~alice. User "Bob" now views Alice's webpage, which requires Apache to run one of these CGI scripts. Without suEXEC, all scripts would run as "wwwrun", so every script would have to be readable and executable by the "wwwrun" group (if the file is owned by that group) or by all users otherwise. With suEXEC, the scripts in /home/alice/public_html are wrapped and run with Alice's user ID. This gives higher security and removes the need to make the scripts readable and executable for all users or for everyone in the "wwwrun" group: only Alice herself needs to be able to run the script.
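The ownership and permission conditions behind this arrangement can be audited before a script is deployed. The following Python sketch is an added example, not Apache's code and not part of the original article: it approximates a subset of the checks described in Apache's suEXEC documentation. The function name suexec_precheck is hypothetical, and the uid/gid minimum of 100 is an assumption taken from the documented build default, which distributions may change.

```python
import os
import stat

def suexec_precheck(docroot, cmd, uid, gid, uid_min=100, gid_min=100):
    """Return the reasons a suEXEC-style wrapper would refuse to run cmd.

    cmd is relative to docroot; uid and gid are the target user and group.
    """
    # Path check: no absolute path and no '..' component.
    if cmd.startswith("/") or ".." in cmd.split("/"):
        return ["command path is absolute or contains '..'"]
    problems = []
    if uid == 0 or gid == 0:
        problems.append("target user or group is root")
    elif uid < uid_min or gid < gid_min:
        problems.append("target uid/gid is below the configured minimum")
    root = os.path.realpath(docroot)
    cwd = os.path.realpath(os.path.join(root, os.path.dirname(cmd)))
    if os.path.commonpath([root, cwd]) != root:
        return problems + ["script directory is outside the document root"]
    try:
        # lstat, so a symlinked script is reported rather than followed
        checks = [("directory", os.stat(cwd)),
                  ("script", os.lstat(os.path.join(cwd, os.path.basename(cmd))))]
    except OSError as exc:
        return problems + [f"cannot stat target: {exc.strerror}"]
    for label, st in checks:
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append(f"{label} owner does not match target user/group")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{label} is writable by group or others")
    mode = checks[1][1].st_mode
    if not stat.S_ISREG(mode):
        problems.append("script is not a regular file")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway web root holding one world-writable script.
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    script = os.path.join(root, "hello.cgi")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho 'Content-Type: text/plain'\necho\n")
    os.chmod(script, 0o777)
    st = os.stat(script)
    for reason in suexec_precheck(root, "hello.cgi", st.st_uid, st.st_gid, 0, 0):
        print("REFUSE:", reason)
```

An empty list means none of the modelled checks failed; the real wrapper applies further checks that this sketch does not cover.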

