From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1MGEKL-00026A-04 for garchives@archives.gentoo.org; Mon, 15 Jun 2009 15:42:29 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 109D1E039A; Mon, 15 Jun 2009 15:42:27 +0000 (UTC) Received: from mail-bw0-f223.google.com (mail-bw0-f223.google.com [209.85.218.223]) by pigeon.gentoo.org (Postfix) with ESMTP id BD770E039A for ; Mon, 15 Jun 2009 15:42:26 +0000 (UTC) Received: by bwz23 with SMTP id 23so3053208bwz.34 for ; Mon, 15 Jun 2009 08:42:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type; bh=H1rLqvh5fIuN8xPgP7qpYynKAg3eL/M/QKI7qDWPDnc=; b=Q47206gALyADiQ4esun1hdsajTFWvokjIAJ3tuUQTY0CQV94jidrwwGEQu/d52YSr9 TjTfs5lstIjmw+qBmKmAlLUa41VbEDAjfxTLVqAne/NZVyUwjYGkCTVTxMebwM1SY4lz vIHLy9v54+XsIZ0P4GV1PT1f8RcM75lfL+CmM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type; b=FYwCGdxGF9GNyB5EibVz6uyVm9nP7iHnPv1ada3IJegHsjoAQAur9vL9Qf00xSd/2r k1ncXuAfbhw4QJ1x3J50YD8d2tSeR6VRi02m4GzBBgphv8TZsql3mf5w9fT2grr65Ssj HOShM3rfRvUmOqrKhtx0pkx9YAYYMUdgrOou8= Received: by 10.103.167.14 with SMTP id u14mr3748295muo.55.1245080545454; Mon, 15 Jun 2009 08:42:25 -0700 (PDT) Received: from coercion ([91.191.238.58]) by mx.google.com with ESMTPS id j6sm2532132mue.1.2009.06.15.08.42.21 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 15 Jun 2009 08:42:22 -0700 (PDT) Date: Mon, 15 Jun 2009 21:39:48 +0600 From: Mike Kazantsev To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Installing apache with USE='-suexec' Message-ID: <20090615213948.71d246e2@coercion> In-Reply-To: <87hbyhmy41.fsf@newsguy.com> References: <87hbyhmy41.fsf@newsguy.com> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.1; i686-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/a4Hg5m1c5r2wJy6kYGxg/TS"; protocol="application/pgp-signature" X-Archives-Salt: 20281f59-bbb6-4d80-845d-7badc34d769e X-Archives-Hash: d3f4ad5f87957950b3893386dc198b95 --Sig_/a4Hg5m1c5r2wJy6kYGxg/TS Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 15 Jun 2009 08:21:18 -0500 Harry Putnam wrote: > Starting to emerge apache I see the default USE flags include > -suexec. I'm not much of an apache buff but wondered if that would > have a bad effect on allowing users to run cig scripts. cgi > I'm not even sure its related... but recall something dimly about > using suexec to run such scripts. You probably confusing suid (elevated privileges) and shebang (first line of the file, specifying what to run as an interpreter). Suexec in apache probably doesn't have much use beyond hosting platforms - it allows to handle different urls / vhosts with different privileges, so, say, to return some "john.myserver.com" page apache will drop privileges to local user "john", while serving "myserver.com" from "www" user on the same port by the same daemon, so john's scripts won't be able to access www-data and vice versa. --=20 Mike Kazantsev // fraggod.net --Sig_/a4Hg5m1c5r2wJy6kYGxg/TS Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) iEYEARECAAYFAko2a0gACgkQASbOZpzyXnG3yQCgsZwnWeNqMBWSz3Aa3pz2F3ce nL4AoMy3dt2Q7BIxjB4D/i7Z4G1jAJ4S =Drg/ -----END PGP SIGNATURE----- --Sig_/a4Hg5m1c5r2wJy6kYGxg/TS--