— | howto:hosting:cgi_su_exec [2014/01/18 10:36] (aktuální) – vytvořeno - upraveno mimo DokuWiki 127.0.0.1 | ||
---|---|---|---|
Řádek 1: | Řádek 1: | ||
+ | ====== SU Exec CGI a PHP skriptů ====== | ||
+ | ===== Apache multiuser MPM ===== | ||
+ | |||
+ | Install **apache2-mpm-itk** package. Then you can set different users/ | ||
+ | |||
+ | <code apache> | ||
+ | < | ||
+ | AssignUserID myusername www-data | ||
+ | # | ||
+ | #NiceValue 6 | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Lighttpd ===== | ||
+ | |||
+ | For [[man> | ||
+ | |||
+ | <code conf lighttpd.conf> | ||
+ | cgi.assign = ( | ||
+ | #" | ||
+ | #" | ||
+ | " | ||
+ | ) | ||
+ | </ | ||
+ | |||
+ | ==== CGI SU Exec wrapper code ==== | ||
+ | |||
+ | Source: https:// | ||
+ | |||
+ | <code c php-cgi-su.c> | ||
+ | /* | ||
+ | * SU-EXEC Wrapper | ||
+ | * Execute script under it's owner' | ||
+ | * CopyLefted by: Harvie 2oo9 | ||
+ | */ | ||
+ | |||
+ | #include < | ||
+ | #include < | ||
+ | #include < | ||
+ | #include < | ||
+ | #include < | ||
+ | #include < | ||
+ | #include < | ||
+ | |||
+ | #define INTERPRETER "/ | ||
+ | //#define INTERPRETER "/ | ||
+ | |||
+ | void auth_fail() { | ||
+ | puts(" | ||
+ | exit(-1); | ||
+ | } | ||
+ | |||
+ | int main(int argc, char **argv, char **environ) { | ||
+ | if(argc != 2) { //Do not accept more than one argument | ||
+ | printf( | ||
+ | " | ||
+ | " | ||
+ | INTERPRETER, | ||
+ | ); | ||
+ | return -1; | ||
+ | } | ||
+ | struct stat st; | ||
+ | if(!stat(argv[1], | ||
+ | //Get user info | ||
+ | struct passwd *pw; | ||
+ | if(!(pw = getpwuid(st.st_uid))) auth_fail(); | ||
+ | //Change groups | ||
+ | if(initgroups(pw-> | ||
+ | //Change UID a GID | ||
+ | if(setgid(pw-> | ||
+ | if(setegid(pw-> | ||
+ | if(setuid(pw-> | ||
+ | if(seteuid(pw-> | ||
+ | //Fail if still have root privileges | ||
+ | if(getuid() == 0 || getgid() == 0) auth_fail(); | ||
+ | //Launch binary | ||
+ | return(execve(INTERPRETER, | ||
+ | } else { | ||
+ | printf(" | ||
+ | return -1; | ||
+ | } | ||
+ | } | ||
+ | </ |
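Review bot: In `main` of php-cgi-su.c, the owner reported by `stat(argv[1], …)` is, as far as the visible lines show, the only property checked before the process switches identity, so any path whose owner resolves through `getpwuid()` is run under that account, including system accounts and files that other users can modify. Between the successful `stat()` and the `getpwuid()` call I would add `if(!S_ISREG(st.st_mode)) auth_fail();`, `if(st.st_mode & (S_IWGRP|S_IWOTH)) auth_fail();` and `if(st.st_uid < MIN_UID || st.st_gid < MIN_GID) auth_fail();`, where `MIN_UID`/`MIN_GID` are placeholder names for a site-chosen floor defined next to `INTERPRETER`. The root test after the `setuid()`/`seteuid()` calls is still useful as a last check, but it does not cover other low-numbered accounts. Because `stat()` follows symlinks and the interpreter opens the path again after the check, the file can change between check and use; the page should say so and recommend that script directories be writable only by their owner. The `execve()` arguments are cut off in this view, so I cannot tell whether the environment is passed through unfiltered; if it is, restricting it to an allow-list of CGI variables belongs in this wrapper as well.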