mdw@git.distorted.org.uk Git - userv-utils/blob - ucgi/www-cgi

   1 # This service which allows CGI programs to be provided which do not
   2 # run as the webserver user, but instead are owned by a particular
   3 # other account.
   4 #
   5 # Similar effects can be achieved with Apache's suexec; this facility
   6 # is for administrators who do not trust suexec and wish to defend the
   7 # webserver from the CGI script providers, and vice versa, as much as
   8 # possible.  This is achieved by using userv to do the cross-account
   9 # call, rather than a custom setuid helper.
  10 #
  11 # This default configuration allows the webserver user to invoke
  12 # users' CGI programs from each user's ~/public-cgi, but to allow
  13 # external http clients to do this, the webserver will also need to be
  14 # configured.
  15
  16 if ( grep service-user-shell /etc/shells
  17    & glob calling-user www-data
  18    )
  19         reset
  20         no-suppress-args
  21         no-set-environment
  22         execute /usr/local/lib/userv/ucgi/target public-cgi
  23 fi