Zwaxy
asked on
how can I get my CGI script to run with my own userid?
I've just moved my web site from one server to another. They're both redhat linux boxes. One the old server, when a visitor to my page caused my CGI script to run, it ran with my own userid, so the script was able to update log files and such like, but on the new server the script always runs as the 'nobody' user (which is the user who is running the httpd processes). So how can I change it to run as myself? I've been told that maybe using a .htaccess file would do it, but I've tried and failed. The root user on the server is willing to change the server configuration if that's necessary, too.
ASKER
This is my first question on expert exchange, so please be gentle with me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm sorry. I should have said I've already tried the setuid approach. It doesn't seem to have any affect on the machine. I don't have the ability to log on as 'nobody', but here are a couple of scripts I've made which are setuid to the 'nobody' account:
--------------------------
$ ls -l user[35].cgi
-rwsr-xr-x 1 nobody nobody 53 Oct 1 05:29 user3.cgi
-rwsr-xr-x 1 nobody nobody 52 Oct 1 05:34 user5.cgi
$ cat user3.cgi
#!/bin/sh
echo 'Content-Type: text/html'
echo ''
id
$ ./user3.cgi
Content-Type: text/html
uid=513(marp) gid=514(marp) groups=514(marp)
$ cat user5.cgi
#!/usr/bin/python
import posix
posix.system('id')
$ ./user5.cgi
uid=513(marp) gid=514(marp) groups=514(marp)
$
--------------------------
You'll notice that even when I run them from an interactive shell, the output of the 'id' command shows that the euid hasn't changed. (The 'id' man page says: "By default, it prints the real user ID, real group ID, effective user ID if different from the real user ID, effective group ID if different from the real group ID, and supplemental group IDs."
So I take it that setuid is disabled on this machine, and that this isn't anything to do with the httpd.conf.
Anyway, on the previous server I was using, I didn't have the scripts setuid, and they still ran as my own uid, even though the server was running as 'nobody'. (And this probably *is* to do with the configuration of the server)...
I just looked in httpd.conf, and saw a reference to Apache docs on the web, which lead me to http://www.apache.org.uk/docs/suexec.html, which begins thusly: "The suEXEC feature -- introduced in Apache 1.2 -- provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server."
So I guess I've found what I was looking for. Now - what happens about the points here? Your answer kindof helped, in that it lead me to find what I was looking for - so what grade would be fair? Like I said, I'm new at this...
--------------------------
$ ls -l user[35].cgi
-rwsr-xr-x 1 nobody nobody 53 Oct 1 05:29 user3.cgi
-rwsr-xr-x 1 nobody nobody 52 Oct 1 05:34 user5.cgi
$ cat user3.cgi
#!/bin/sh
echo 'Content-Type: text/html'
echo ''
id
$ ./user3.cgi
Content-Type: text/html
uid=513(marp) gid=514(marp) groups=514(marp)
$ cat user5.cgi
#!/usr/bin/python
import posix
posix.system('id')
$ ./user5.cgi
uid=513(marp) gid=514(marp) groups=514(marp)
$
--------------------------
You'll notice that even when I run them from an interactive shell, the output of the 'id' command shows that the euid hasn't changed. (The 'id' man page says: "By default, it prints the real user ID, real group ID, effective user ID if different from the real user ID, effective group ID if different from the real group ID, and supplemental group IDs."
So I take it that setuid is disabled on this machine, and that this isn't anything to do with the httpd.conf.
Anyway, on the previous server I was using, I didn't have the scripts setuid, and they still ran as my own uid, even though the server was running as 'nobody'. (And this probably *is* to do with the configuration of the server)...
I just looked in httpd.conf, and saw a reference to Apache docs on the web, which lead me to http://www.apache.org.uk/docs/suexec.html, which begins thusly: "The suEXEC feature -- introduced in Apache 1.2 -- provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server."
So I guess I've found what I was looking for. Now - what happens about the points here? Your answer kindof helped, in that it lead me to find what I was looking for - so what grade would be fair? Like I said, I'm new at this...
ASKER