On Tue, 2006-20-06 at 13:58 +0200, sfantar wrote: > "CGIs are forked off of the web server, which normally runs under a > "different user." > > I understand the fact that's the CGIs are run by a different user. > Is this user the same as the one who launched Apache? >
Maybe, it depends on the configuration of your machine. Normally, daemons like web servers are started by init(8) which has root privileges. This means it can change the UID of itself. When a fork occurs, a copy of the same process is created. So, init creates a copy of itself via fork. It changes its UID and GID. Then it exec's the daemon. The daemon, in this case, the web server, ends up running under its own UID and GID. The other way for a process to run with other UID privileges is for it to have its effective UID bit set. (See `perldoc -f stat` and search for "mode".) This means that it is running under the UID of its file, not its parent. Normally, theses program do a security test first thing, to ensure the one who is running it actually should be running it. An example is sudo(8). Take a look at its file: ls -l /usr/bin/sudo Notice that its mode is : -rwsr-xr-x The 's' means its effective UID is set. References: perldoc -f stat perldoc -f chmod perldoc perlvar (and search for '$<', '$>' ) > How about mod_perl? If I run under mod_perl a script, is this one forked > off as well? > I haven't use mod_perl in years; someone else will have to answer this. -- __END__ Just my 0.00000002 million dollars worth, --- Shawn "For the things we have to learn before we can do them, we learn by doing them." Aristotle * Perl tutorials at http://perlmonks.org/?node=Tutorials * A searchable perldoc is at http://perldoc.perl.org/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
