Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th April 2010, 08:42
sbrattla sbrattla is offline
Junior Member
 
Join Date: Apr 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default suEXEC documentation - thougths appreciated!

Hi,

I've set up Apache2 with PHP5 + suEXEC as outlined in http://www.howtoforge.com/how-to-set...on-ubuntu-9.10. Everything works fine.

However, I've run across a curious little thing in the suEXEC documentation which I am a little uncertain as to how i should read. According to the suEXEC documentation (http://httpd.apache.org/docs/2.0/suexec.html), the suEXEC wrapper should perform 20 different checks in order to determine wether a script should be run or not. Two of these checks are:

#16. Is the target CGI/SSI program NOT writable by anyone else?
#18. Is the target user/group the same as the program's user group.

What I am uncertain about, is wether "CGI/SSI" in #16 is the PHP5 parser itself (or in the case of the HowToForge tutorial - the wrapper script), or the php file itself to be run. Would anyone happen to know that?

Furthermore, i am uncertain about #18 and what "the program" is? Are we still talking about the "CGI/SSI" program?

It would be great to hear any thoughts on this!

Last edited by sbrattla; 14th April 2010 at 08:42.
Reply With Quote
Sponsored Links
  #2  
Old 13th April 2010, 13:59
sbrattla sbrattla is offline
Junior Member
 
Join Date: Apr 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default ...an extra thought on the posting above.

An extra comment on the above posting. Would it make sense for the suEXEC wrapper to care about the permissions on the actual script (say 'index.php') at all? After all, isn't the suEXEC wrapper just calling some external program (like the PHP-parser) with one or more arguments - and one of those arguments being the PHP-script to execute?

If this assumption is correct, would that mean that the only thing suEXEC really cares about is the external program (like the PHP-parser), and not the PHP-script itself (like an 'index.php')? This would in consequence mean that suEXEC does not check permissions or ownerships on the php-scripts, but only on the PHP-parser?

Last edited by sbrattla; 14th April 2010 at 08:48.
Reply With Quote
  #3  
Old 14th April 2010, 16:18
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Quote:
Originally Posted by sbrattla View Post
#16. Is the target CGI/SSI program NOT writable by anyone else?
#18. Is the target user/group the same as the program's user group.

What I am uncertain about, is wether "CGI/SSI" in #16 is the PHP5 parser itself (or in the case of the HowToForge tutorial - the wrapper script), or the php file itself to be run. Would anyone happen to know that?
It's the PHP script.

Quote:
Originally Posted by sbrattla View Post
Furthermore, i am uncertain about #18 and what "the program" is? Are we still talking about the "CGI/SSI" program?
Again, this is the PHP script.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 14th April 2010, 16:26
sbrattla sbrattla is offline
Junior Member
 
Join Date: Apr 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default suEXEC does not enfore those checks...

Hi,

Thank you for your reply. That is a bit strange, because regardless of ownership and permissions on my PHP scripts - suEXEC still executes them. I've verified that suEXEC runs as the user set through the SuexecUserGroup directive.

Any ideas about what that might be caused by?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix delivery problem erebus Installation/Configuration 8 29th July 2014 20:17
drbd error -115 anandx Installation/Configuration 15 26th April 2009 19:16
Why do I get some errors during the reinstallation ? arastirici General 7 15th April 2009 16:50
Chroot SSH + ISPConfig Norman Installation/Configuration 27 26th March 2007 03:40
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17


All times are GMT +2. The time now is 12:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.