diff options
Diffstat (limited to 'www-cgi/www-cgi')
-rw-r--r-- | www-cgi/www-cgi | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/www-cgi/www-cgi b/www-cgi/www-cgi index c3dabfc..364f7e5 100644 --- a/www-cgi/www-cgi +++ b/www-cgi/www-cgi @@ -1,3 +1,18 @@ +# This service which allows CGI programs to be provided which do not +# run as the webserver user, but instead are owned by a particular +# other account. +# +# Similar effects can be achieved with Apache's suexec; this facility +# is for administrators who do not trust suexec and wish to defend the +# webserver from the CGI script providers, and vice versa, as much as +# possible. This is achieved by using userv to do the cross-account +# call, rather than a custom setuid helper. +# +# This default configuration allows the webserver user to invoke +# users' CGI programs from each user's ~/public-cgi, but to allow +# external http clients to do this, the webserver will also need to be +# configured. + if ( grep service-user-shell /etc/shells & glob calling-user www-data ) |