Apache : run as different user with APACHE_RUN_USER

Perhaps we make Apache's worker/child processes run as user 'apache' and add the user 'apache' to the 'ftsdev' group.
If the above works fine, we can delineate the directories and permissions for a user who is not part of the 'ftsdev' group.
Apache 2.2.x supports the directive , I THINK  .
        export APACHE_RUN_USER=<apache-user> and export APACHE_RUN_GROUP=<apache-group>





Subject: hiding perl code and perl security....


It is hard to hide the source from one user, say 'contractor', as the CGI executable has to read and load the script for execution.
Apache cgi-exec worker processes or handlers do not run as root, but as a non-root user. Only the parent process of the Apache workers runs as root.
If all run as root, we can achieve the goal of hiding the code base.

There are other ways, but not direct. 
See if this article makes sense. http://www.washington.edu/perl5man/pod/perlsec.html

What you have now: 
Server: ftsvm-sj-dev.cisco.com

Username / password as given before.

Generic user: "fts contractor" (login: fcontra1), password 'chang3m3'.
This user cannot touch the /var/www/cgi-bin folder.
However, he can see the files under this folder.
He can only create files under /var/www/cgi-bin/contractors
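
An added example, not part of the original notes: one way to apply and audit the group-based layout discussed above, so that accounts outside 'ftsdev' can still reach contractors/ but cannot list or read the scripts beside it. It runs on a constructed temp tree; `report.pl` and the function names are assumptions, and on a real host the Apache run user must be a member of the group for CGI to keep working.

```shell
#!/bin/sh
# Added example. ftsdev and contractors/ come from the notes above;
# the temp tree, report.pl and the function names are constructed.

# Print entries under $1 (skipping contractors/) that accounts outside
# the owner and group can read or write, judged by mode bits alone.
world_readable() {
    find "$1" -path "$1/contractors" -prune -o \
        ! -type l \( -perm -0004 -o -perm -0002 \) -print
}

# Give the tree to group $2 and drop read/write for everyone else.
# Directories keep o+x so contractors/ stays reachable but not listable.
lock_down() {
    find "$1" -path "$1/contractors" -prune -o -exec chgrp "$2" {} + \
        2>/dev/null || echo "note: chgrp to $2 skipped (group missing or not permitted)" >&2
    find "$1" -path "$1/contractors" -prune -o -type d -exec chmod 0751 {} +
    find "$1" -path "$1/contractors" -prune -o -type f -exec chmod 0750 {} +
}

demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/cgi-bin/contractors"
    printf '#!/usr/bin/perl\nprint "ok\\n";\n' > "$tmp/cgi-bin/report.pl"
    chmod 0755 "$tmp/cgi-bin" "$tmp/cgi-bin/report.pl"
    echo "readable by others before:"; world_readable "$tmp/cgi-bin"
    lock_down "$tmp/cgi-bin" ftsdev
    echo "readable by others after:";  world_readable "$tmp/cgi-bin"
    rm -rf "$tmp"
}
demo
```

The audit looks only at permission bits, so it gives the same answer when run as root.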


===========================
Protecting Your Programs

