Re: Script behaving differently when run by Apache and when run from a shell by user www-data?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





IMO suexec would be better suited to handle more sensitive operations such as unmounting.

CGI is not an interactive shell, as you discovered.

Calling a separate script with the suid bit might work too.

But I don't need an interactive shell: I need a way to run a script as user www-data, which is what CGI is for. I tested the script in an interactive shell because that's the easy way to run a script as user www-data.

What's interesting here is that CGI appears to be doing something more complex than simply forking a process. The script which is the problem has an EUID of 0, so why can't it unmount a filesystem? Have I just messed up (probably?) Or has Apache run me without CAP_SYS_ADMIN? If so, how and why? Maybe this is unlikely, but if it happens, it should be documented. If this, or something similar, doesn't happen, then I know that the problem is my fault.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux