HPE Community
Operating System - Linux
1830354 Members
2222 Online
110001 Solutions
New Discussion

Apache System User Authentication

 
Rad Rioveros
Occasional Advisor

‎07-06-2004 07:38 PM

‎07-06-2004 07:38 PM

Apache System User Authentication

Hi all,

I have a script, cgi, that will be run only by root user (744). So how will i configure apache so that apache can tell the server where the script will be run that the user running it is "root"?

Thanks in advance!

rad
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎07-07-2004 03:06 AM

‎07-07-2004 03:06 AM

Re: Apache System User Authentication

Generally, when apache runs a cgi script its run as the default user for the httpd server, set in httpd.conf

in general with depot releases of apache thats the www user.

If you try and run a script thats permissions are 744 under those circumstances you will get an error 500 which will indicate the script is malformed and can not run.

Its usually not a terribly good idea for security purposes to run root permission only scripts through the httpd server. If the server is in a secure chroot jail, you probably can not do it at all.

I would imagine you could configure httpd.conf to run as root user, but that is an immense security openning, and there are already quite a few gotcha's in apache.

I know this does not solve the problem, and in my early security free days i considered setting up a web interface to allow operations to run root scripts.

What i ended up doing was giving them access to the crontab file from the web with authentication and configuring the system to read that file on a daily basis and make it the crontab. That was fraught with problems and was eventually abandoned.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Tijl Dullers_4
Occasional Advisor

‎07-11-2004 08:48 AM

‎07-11-2004 08:48 AM

Re: Apache System User Authentication

If the script is really required to run as root
although it might be a security issue.

You can do a chmod u+s on the script. Change owner to root and give read and execute permission to the group under which the webserver runs.
The group os the script needs to be set to the group the webserver runs under.

Make sure to protect the cgi with authentication and is however possible make sure only a designated set of IP adresses can access the CGI.




0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.