Gossamer Forum
Home : Products : Gossamer Forum : Pre Sales :

Another Question - SuExec

Quote Reply
Another Question - SuExec
Hi again,

When installing gForum I ran into problems. Turns out my host is running something called suexec, and I had to change the permissions on the install directory from 777 to 755, then it installed without a hitch.

My question is, can you think of any conflicts or problems that might result from running gForums on my server with suexec?

You probably know what suexec is (I didn't until now), but I am going to post below my webhost's layman description along with the link to the techie documentation,

Thanks,

Steve

Quote:


HTTPme has enabled SuExec on all servers. This is turned on for security purposes and will not be turned off.

"What is SuExec?" is probably a question a lot of you are asking yourselves. For apache's official explanation:
http://httpd.apache.org/docs/suexec.html

If you don't feel like reading through that and just want a friendlier version, SuExec is security and convenience (after you get used to it of course). All processes on a machine run as a user. Normally with cgi/perl scripts, the user used is nobody. With SuExec however, the user becomes you. SuExec allows the script to run as you and access files as you could if you were to access the files from FTP. When SuExec is not enabled, you would have to give world writable/readable permissions on files which isn't safe as that would mean anyone's script on the same server would be able to read/write to that file. SuExec enabled means that users' scripts can only access and manipulate the user's files, not someone else's.


How does this affect your CGI/Perl scripts?

Many of your script's instructions will tell you to change permissions on directories the script needs to write to, to 777 (drwxrwxrwx) and files to 777 (_rwxrwxrwx) or 666 (_rw_rw_rw_). SuExec will not let scripts run or access files that have those permissions or are in directories with those permissions (as they are insecure like that). Instead, any time a script tells you to change permissions to that, make the permissions for the file or directory to 755 (_rwxr_xr_x), and not what the instructions say to. Most instructions for cgi and perl scripts are made for those people on servers not running SuExec, but since you are, you have to do things like permissions a little differently.
Quote Reply
Re: [bravelion] Another Question - SuExec In reply to
Hi,

No, the program will work fine under suexec (we use it on all our servers here).

Cheers,

Alex
--
Gossamer Threads Inc.