- publishing free software manuals
The Apache HTTP Server Reference Manual
by Apache Software Foundation
Paperback (6"x9"), 862 pages
ISBN 9781906966034
RRP £19.95 ($29.95)

Get a printed copy>>>

22  suEXEC Support

The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs. However, if suEXEC is improperly configured, it can cause any number of problems and possibly create new holes in your computer’s security. If you aren’t familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC.

 22.1  Before we begin
 22.2  suEXEC Security Model
 22.3  Configuring & Installing suEXEC
  22.3.1  Compiling and installing the suEXEC wrapper
  22.3.2  Setting paranoid permissions
 22.4  Enabling & Disabling suEXEC
 22.5  Using suEXEC
 22.6  Debugging suEXEC
 22.7  Beware the Jabberwock: Warnings & Examples

ISBN 9781906966034The Apache HTTP Server Reference ManualSee the print edition