https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324869#M13044 Hi all,<BR /><BR />I have a script, cgi, that will be run only by root user (744). So how will i configure apache so that apache can tell the server where the script will be run that the user running it is "root"?<BR /><BR />Thanks in advance!<BR /><BR />rad Wed, 07 Jul 2004 02:38:35 GMT Rad Rioveros 2004-07-07T02:38:35Z https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324869#M13044 Hi all,<BR /><BR />I have a script, cgi, that will be run only by root user (744). So how will i configure apache so that apache can tell the server where the script will be run that the user running it is "root"?<BR /><BR />Thanks in advance!<BR /><BR />rad Wed, 07 Jul 2004 02:38:35 GMT https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324869#M13044 Rad Rioveros 2004-07-07T02:38:35Z https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324870#M13045 Generally, when apache runs a cgi script its run as the default user for the httpd server, set in httpd.conf<BR /><BR />in general with depot releases of apache thats the www user.<BR /><BR />If you try and run a script thats permissions are 744 under those circumstances you will get an error 500 which will indicate the script is malformed and can not run.<BR /><BR />Its usually not a terribly good idea for security purposes to run root permission only scripts through the httpd server. If the server is in a secure chroot jail, you probably can not do it at all.<BR /><BR />I would imagine you could configure httpd.conf to run as root user, but that is an immense security openning, and there are already quite a few gotcha's in apache.<BR /><BR />I know this does not solve the problem, and in my early security free days i considered setting up a web interface to allow operations to run root scripts.<BR /><BR />What i ended up doing was giving them access to the crontab file from the web with authentication and configuring the system to read that file on a daily basis and make it the crontab. That was fraught with problems and was eventually abandoned.<BR /><BR />SEP Wed, 07 Jul 2004 10:06:02 GMT https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324870#M13045 Steven E. Protter 2004-07-07T10:06:02Z https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324871#M13046 If the script is really required to run as root <BR />although it might be a security issue. <BR /><BR />You can do a chmod u+s on the script. Change owner to root and give read and execute permission to the group under which the webserver runs.<BR />The group os the script needs to be set to the group the webserver runs under. <BR /><BR />Make sure to protect the cgi with authentication and is however possible make sure only a designated set of IP adresses can access the CGI. <BR /><BR /><BR /> <BR /><BR /> Sun, 11 Jul 2004 15:48:36 GMT https://community.hpe.com/t5/operating-system-linux/apache-system-user-authentication/m-p/3324871#M13046 Tijl Dullers_4 2004-07-11T15:48:36Z