Version 7 (modified by Dana, 9 years ago) (diff)


How can I run a cgi script with my own user permissions (suExec)?

At May First/People Link, many members share a single server with one instance of a web server. That means that the program that displays one members website is run as the same user (with the same user permissions) as the program the displays every other members' web site.

With web sites that only display information (they don't record any data provided by a web surfer), this setup poses few problems.

However, as we use our web sites to record information submitted by people browsing our web site, we start to run into problems. What if one member has an insecure web site that accidentally lets web site visitors view or delete information about web sites from a different member?

suExec is a method to protect us against that situation. With suExec, every web program runs as a user specific to the web site being displayed. So - the web server that displays the web site for Member A does not have the same permissions as the web server that displays the web site for Member B.

MFPL sets the User and Group that your scripts should execute as with the following line in your web configuration (set via the Members Control panel:

SuexecUserGroup USER GROUP

You should not need to take any additional steps to get this working on your site.