Help: how to use suEXEC ?

Help: how to use suEXEC ?

Post by Rolf Hat » Wed, 19 Nov 1997 04:00:00

I try to make a CGI to enable a user forwarding his mail to another place.
As far as I understand I have to change to the user-ID and group for modify
the .forward-file in his directory. Now, on the apache (1.2.4) there is a
small note on how to use the suEXEC ("...accomplished by using the
~character perfixing the user ID...). I have no idea what this means. Has
anybody an example of how to use this (or even better a complet perl-CGI
for mail forwarding).



Help: how to use suEXEC ?

Post by Nick Ke » Wed, 19 Nov 1997 04:00:00

A CGI script that modifies files in users' home directories is a
dangerous beast, even in the hands of a veteran hack who would never
need to ask how.  A Perl CGI script is doubly so (although taint
checking helps a lot) which is one good reason it will not work
at all under 'default' CGI conditions.

If you want a system that permits users to control incoming mail
processing (including forwarding) via the Web, take a look at
<URL:>.  WebThing can (optionally) use
the .forward mechanism, but will never touch the file.

Now, if you still want to edit users' .forward files, you'll either
have to give every user their own copy of the CGI script, or run
something SUID root (badbadbad...)

Nick Kew


1. Apache and suexec: any downside/disadvantages to running SUEXEC ??


Found lots of config info etc on web but have heard that it is not
really a good idea in most circumstances. I realize it theoretically
adds some protections.

1. Is it really always a good idea? ..i.e., if one is not running an
ISP / virtual host service...  (I dont need to serve others; have own
machine/server exclusivley)

2. Does it have any downsides ?  ... Even as a beginner, I can see
that it imposes some script config constraints - do those make things
difficult or impossible at times?

I ask about the downsides cause some while back I read something along
those lines, just cant remember or locate where or specifically what
the implications were (wasn't ready for the info then). I'm new to
apache/suexec so I dont fully understand - seems to a beginner like me
that it may make some things a little more difficult than need be ??

I have apache already setup with it now (preconfigured by provider)
but am considering likely renaming suexec to disable it. I've got
Redhat 6.2 Apache 1.3.19 configured for suexec (which seems
troublesome with some scripts).

Thanks for any advice.


2. Linker can't find libsocket.a - search path problem?

3. suEXEC / non suEXEC performance

4. satan for linux slackware 3.4

5. Using suexec wrapper with Apache 1.2.24

6. Direct Writes to VIDEO??

7. Using suexec to read world unreadable files (we might hire)

8. Open source e-mail client?

9. Using suEXEC

10. Using suExec with /cgi-bin?

11. Help request, suExec and apache 1.3

12. HELP: suEXEC for virtual hosts

13. help: debugging suexec problems