An alternative is to create a virtualhost to run URL's in the format http://server.name~root/cgi-bin/etc (I forget the technical term for these hosts run under the authority of the user in the ~root/ part of the URL). There may be restrictions on using user root though; I've never tried this.
This sidesteps the set-uid requirement as the code will be run under the authority of root. So you don't have to worry about anyone else who might somehow get access to execute the code AS root. On 24 January 2012 14:19, Mark Montague <m...@catseye.org> wrote: > On January 24, 2012 9:00 , Tarzan Jane <lapierr...@hotmail.com> wrote: > >> The scripts address IO-pins on the embedded system [...] If I run the >> scripts as root in the /var/www/cgi-bin directory all is fine. But when >> trying to run the scripts using Apache via a web page nothing happens. This >> is because the scripts are run as www-data user and the www-data user is >> not allowed to perform these actions. Suexec doesn't work either because >> suexec expects ascii written cgi/php/pl script. >> > > If you can grant the www-data user the right to address the IO pins, that > is the best solution. This way, the CGIs are given only the permissions > they need, not superuser (root) permissions to do everything. If, for > example, the IO pins are addressed through device files, then you may be > able to simply change the owner of the device files to www-data. > > Otherwise, you can change the owner of the CGI binaries to be root and > turn on the set-uid bit. This way, when the CGI binaries are run they will > be run as root. > https://en.wikipedia.org/wiki/**Setuid<https://en.wikipedia.org/wiki/Setuid> > Since you've already said that you're aware of the security issues, I > won't repeat any dire warnings here. > > -- > Mark Montague > m...@catseye.org > > > ------------------------------**------------------------------**--------- > The official User-To-User support forum of the Apache HTTP Server Project. > See > <URL:http://httpd.apache.org/**userslist.html<http://httpd.apache.org/userslist.html>> > for more info. > To unsubscribe, e-mail: > users-unsubscribe@httpd.**apache.org<users-unsubscr...@httpd.apache.org> > " from the digest: > users-digest-unsubscribe@**httpd.apache.org<users-digest-unsubscr...@httpd.apache.org> > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Steve Swift http://www.swiftys.org.uk
