Knowledge Base / FAQ's...


Match word(s).
  • Use the Search Function to the left for a quick query.
  • Click on any Section Heading to view all FAQs in that section
  • Click on any individual FAQ to view one at a time.

.................................................................................................

 
 

SuExec: What it is & How it affects your CGI Scripts

WideDomain Internet has enabled SuExec on all servers. This is turned on for security purposes and will not be turned off.

"What is SuExec?" is probably a question a lot of you are asking yourselves. For Apache's official explanation: http://httpd.apache.org/docs/suexec.html

If you don't feel like reading through that and just want a friendlier version, SuExec is security and convenience (after you get used to it of course). All processes on a machine run as a user. Normally with cgi/perl scripts, the user used is nobody. With SuExec however, the user becomes you. SuExec allows the script to run as you and access files as you could if you were to access the files from FTP. When SuExec is not enabled, you would have to give world writable/readable permissions on files which isn't safe as that would mean anyone's script on the same server would be able to read/write to that file. SuExec enabled means that users' scripts can only access and manipulate the user's files, not someone else's.

How does this affect your CGI/Perl scripts?

Many of your script's instructions will tell you to change permissions on directories the script needs to write to, to 777 (drwxrwxrwx) and files to 777 (_rwxrwxrwx) or 666 (_rw_rw_rw_). SuExec will not let scripts run or access files that have those permissions or are in directories with those permissions (as they are insecure like that). Instead, any time a script tells you to change permissions to that, make the permissions for the file or directory to 755 (_rwxr_xr_x), and not what the instructions say to. Most instructions for cgi and perl scripts are made for those people on servers not running SuExec, but since you are, you have to do things like permissions a little differently.

 
 
  WideDomain Internet Home 

Copyright © 2002 WideDomain Internet, a division of Infomatik Services, Inc. All Rights Reserved. Script provided by SmartCGIs.com