Yes, and the point here was that it is still Apache user, so if the
Apache
user has access to every user's public_html, then any CGI scripts
executed
there also have access to every user's public_html and even the root
/var/www (or whatever the DocumentRoot is). So what I want is that CGI
scripts from user folders are also executed as another user account than
the generic Apache account, just like what you're planning for mod_wsgi,
the effective user/group for executing the wsgi script depends on that
file's owner information.
Not sure why you are expecting mod_wsgi to address an issue with
mod_cgi/mod_cgid.
Anyway, have you ever read up about suexec for CGI scripts.
http://httpd.apache.org/docs/2.2/suexec.html
That allows you to run CGI scripts as a different user to the Apache
user.
Graham
I guess there was a slight misunderstanding there. I didn't expect
mod_wsgi to address any issues related to CGI scripts, it was rather a
remark that the feature you were planning for mod_wsgi might've been
useful in the context of CGI scripts as well. But looks like suEXEC is
what is meant to address this issue. Naturally I have not read through all
of Apache's documentation, there is just too much, so I had not seen that
configuration option, so thanks for pointing it out to me.
Joonas
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
