suexec insists that the file being executed needs to be the same owner and group as what the web server will be running as after suexec. Doesn't this requirement make things *less* secure? You can't really protect a file against its own owner overwriting it. The same requirement is on the folder, leaving the web server two legal chmods away from allowing an exploit to create, delete, and modify files inside the vhost at will.
This is not a question on how to use suexec, that's fairly clear. The
strict, hardwired conditions its willing to suexec under are also
spelled out pretty clear. My question is the nature of these
requirements -- why they're the way they are. The user and group
requirements specifically.
- Suexec permissions question monttyle
- Re: Suexec permissions question Jim Jagielski
- Re: Suexec permissions question monttyle
- Re: Suexec permissions question monttyle
- Re: Suexec permissions question Jim Jagielski
- Re: Suexec permissions question Jim Jagielski
- Re: Suexec permissions question William A Rowe Jr
- Re: Suexec permissions question monttyle
- Re: Suexec permissions question monttyle
