Commit | Line | Data |
---|---|---|
186ea161 IJ |
1 | # This service which allows CGI programs to be provided which do not |
2 | # run as the webserver user, but instead are owned by a particular | |
3 | # other account. | |
4 | # | |
5 | # Similar effects can be achieved with Apache's suexec; this facility | |
6 | # is for administrators who do not trust suexec and wish to defend the | |
7 | # webserver from the CGI script providers, and vice versa, as much as | |
8 | # possible. This is achieved by using userv to do the cross-account | |
9 | # call, rather than a custom setuid helper. | |
10 | # | |
11 | # This default configuration allows the webserver user to invoke | |
12 | # users' CGI programs from each user's ~/public-cgi, but to allow | |
13 | # external http clients to do this, the webserver will also need to be | |
14 | # configured. | |
15 | ||
79dc6919 | 16 | if ( grep service-user-shell /etc/shells |
0e397d0b | 17 | & glob calling-user www-data |
79dc6919 | 18 | ) |
19 | reset | |
79dc6919 | 20 | no-suppress-args |
0e397d0b | 21 | no-set-environment |
9c0139c5 | 22 | execute /usr/local/lib/userv/cgi/target public-cgi |
79dc6919 | 23 | fi |