Using Apache with Suexec on Linux - page 7

Executing CGI Scripts as Other Users

There are a few articles on the Web about working with the suexec wrapper. Don't neglect the man page included with the source; you can view it directly with

    % cd ./apache-1.3/src/support/
    % man ./suexec.8
  

You can also find some documentation at the following URLs:

• http://www.apache.org/docs/suexec.html>
• http://www.apache.org/docs/suexec_1_2.html> (this is largely obsolete)

In Conclusion
The suexec application is a double-edged sword. It allows you to execute scripts under other person� than the basic server user--but it can also cut you unexpectedly if you're not careful. A single misconfiguration can break all of your CGI scripts, so consider and plan carefully, and test thoroughly, before implementing the wrapper on your production systems.

Acknowledgements
I would like to thank someone named "ryan" for pointing out a typo in the code examples in my Adding PHP to Apache on Linux article in December 1999. The report came very soon after publication and the error was corrected immediately, so very few readers saw the broken code. Thanks, ryan!

Got a Topic You Want Covered?
If you have a particular Apache-related topic that you'd like covered in a future article in this column, please let me know; drop me an email at <coar@Apache.Org>. I do read and answer my email, usually within a few hours (although a few days may pass if I'm travelling or my mail volume is way up). If I don't respond within what seems to be a reasonable amount of time, feel free to ping me again.

About the Author
Ken Coar is a member of the Apache Group and a director and vice president of the Apache Software Foundation. He is also a core member of the Jikes open-source Java compiler project, a contributor to the PHP project, the author of Apache Server for Dummies, and a contributing author to Apache Server Unleashed. He can be reached via email at <coar@apache.org>.