| 1 | # This service which allows CGI programs to be provided which do not |
| 2 | # run as the webserver user, but instead are owned by a particular |
| 3 | # other account. |
| 4 | # |
| 5 | # Similar effects can be achieved with Apache's suexec; this facility |
| 6 | # is for administrators who do not trust suexec and wish to defend the |
| 7 | # webserver from the CGI script providers, and vice versa, as much as |
| 8 | # possible. This is achieved by using userv to do the cross-account |
| 9 | # call, rather than a custom setuid helper. |
| 10 | # |
| 11 | # This default configuration allows the webserver user to invoke |
| 12 | # users' CGI programs from each user's ~/public-cgi, but to allow |
| 13 | # external http clients to do this, the webserver will also need to be |
| 14 | # configured. |
| 15 | |
| 16 | if ( grep service-user-shell /etc/shells |
| 17 | & glob calling-user www-data |
| 18 | ) |
| 19 | reset |
| 20 | no-suppress-args |
| 21 | no-set-environment |
| 22 | execute /usr/local/lib/userv/cgi/target public-cgi |
| 23 | fi |