[userv-utils] / www-cgi / www-cgi

# This service which allows CGI programs to be provided which do not
# run as the webserver user, but instead are owned by a particular
# other account.
#
# Similar effects can be achieved with Apache's suexec; this facility
# is for administrators who do not trust suexec and wish to defend the
# webserver from the CGI script providers, and vice versa, as much as
# possible.  This is achieved by using userv to do the cross-account
# call, rather than a custom setuid helper.
#
# This default configuration allows the webserver user to invoke
# users' CGI programs from each user's ~/public-cgi, but to allow
# external http clients to do this, the webserver will also need to be
# configured.

if ( grep service-user-shell /etc/shells
   & glob calling-user www-data
   )
	reset
	no-suppress-args
	no-set-environment
	execute /usr/local/lib/userv/cgi/target public-cgi
fi
Commit	Line	Data
186ea161 IJ	1	# This service which allows CGI programs to be provided which do not
	2	# run as the webserver user, but instead are owned by a particular
	3	# other account.
	4	#
	5	# Similar effects can be achieved with Apache's suexec; this facility
	6	# is for administrators who do not trust suexec and wish to defend the
	7	# webserver from the CGI script providers, and vice versa, as much as
	8	# possible. This is achieved by using userv to do the cross-account
	9	# call, rather than a custom setuid helper.
	10	#
	11	# This default configuration allows the webserver user to invoke
	12	# users' CGI programs from each user's ~/public-cgi, but to allow
	13	# external http clients to do this, the webserver will also need to be
	14	# configured.
	15
79dc6919	16	if ( grep service-user-shell /etc/shells
0e397d0b	17	& glob calling-user www-data
79dc6919	18	)
79dc6919	19	reset
79dc6919	20	no-suppress-args
0e397d0b	21	no-set-environment
9c0139c5	22	execute /usr/local/lib/userv/cgi/target public-cgi
79dc6919	23	fi