RE: RE: RE: Re: setuid scripts

Yes CGI scripts are executed as the httpd user (mostly nobody, or www, depends on configuration). But most of the time, suid scripts need root privileges, and it's really a bad idea to have httpd run as root.

Comment on RE: RE: RE: Re: setuid scripts

Replies are listed 'Best First'.
RE: RE: RE: RE: Re: setuid scripts by cleen (Pilgrim) on Jul 08, 2000 at 12:06 UTC
What I was stabbing at, was the fact he wants the file to be written only by the cgi script. If this is so, then why not just have the file set so only the owner of the httpd process has rights to read/write that file?	[reply]
RE: RE: RE: RE: RE: Re: setuid scripts by le (Friar) on Jul 08, 2000 at 12:52 UTC
That of course, is a possibility. But what if the httpd process runs as, say nobody, and you don't have the permissions to chown a file to nobody? Ok, then you probably don't have permission to set a script suid... hmmm, bad luck!	[reply]
RE: RE: RE: RE: RE: RE: Re: setuid scripts by cleen (Pilgrim) on Jul 08, 2000 at 12:58 UTC
Im voting this a ++ for the fact you were talking to yourself =P	[reply]