On January 24, 2012 9:00 , Tarzan Jane <lapierre62@xxxxxxxxxxx> wrote:
The scripts address IO-pins on the embedded system [...] If I run the scripts as root in the /var/www/cgi-bin directory all is fine. But when trying to run the scripts using Apache via a web page nothing happens. This is because the scripts are run as www-data user and the www-data user is not allowed to perform these actions. Suexec doesn't work either because suexec expects ascii written cgi/php/pl script.
If you can grant the www-data user the right to address the IO pins, that is the best solution. This way, the CGIs are given only the permissions they need, not superuser (root) permissions to do everything. If, for example, the IO pins are addressed through device files, then you may be able to simply change the owner of the device files to www-data.
Otherwise, you can change the owner of the CGI binaries to be root and turn on the set-uid bit. This way, when the CGI binaries are run they will be run as root. https://en.wikipedia.org/wiki/Setuid Since you've already said that you're aware of the security issues, I won't repeat any dire warnings here.
-- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|