I have a question to which I am trying to find an answer. If suexec is enabled in apache, a user can run his scripts under his own ID. It is fine. My questions are
1. In the first place for what purposes a user want to run CGI under his own ID.
2. Whatever is the purpose , why can't we change the permissions for the user accordingly in his virtual host entry in httpd conf file
3. Also I read that there are dangers in enabling suexec. What are the dangers. Some where it is written that when other users can execute his CGI scripts . it poses a danger to the server. How is this caused. Please explain me with a scenario.
I have read many articles , but I could not understand why the users want to run CGI scripts under their own ID. Why can't they be run under server's ID as nobody .
Thank You very much.
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
- March 2015 Issue of Linux Journal: High-Performance Computing
- Users, Permissions and Multitenant Sites
- Not So Dynamic Updates
- April 2015 Video Preview
- Security in Three Ds: Detect, Decide and Deny
- New Products
- Flexible Access Control with Squid Proxy
- DevOps: Everything You Need to Know
- Tighten Up SSH
- Android Candy: Bluetooth Auto Connect