On March 4, 2012 12:33 , Wolfgang Laun <wolfgang.laun@xxxxxxxxx> wrote:
A CGI script creates a file; it should also change it's "natural" owner and group (daemon.daemon) to the one of the (authenticated) requesting user. Several users should be able to do that. Having read the Apache 2.4 documentation on Suexec I have the impression that this isn't possible at all. Is this correct or did I miss something?
Only root can change the owner of a file. So if a CGI needs to change the owner of a file that it creates, the CGI would have to be run as root (very dangerous, do not do this) or it would have to use a set-uid helper script to change the owner. Suexec cannot change the owner of a file created by a CGI, because it will not know what files the CGI creates.
I think what you want is to run the CGI as the user who is authenticated. Then any files created by the CGI will be owned by the user who is authenticated. Does this sound right?
For more information, see https://wiki.apache.org/httpd/PrivilegeSeparation -- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|