: Run server-side script as authenticated user in apache--is it possible? I'm developing a web app that takes a bunch of parameters (dropdown boxes, etc) from an authenticated user, creates a file,
I'm developing a web app that takes a bunch of parameters (dropdown boxes, etc) from an authenticated user, creates a file, then delivers that file via stdin to a program on my web server.
Due to some limitations of the server-side program, I'd like to have Apache run that server-side program as the previously authenticated user rather than as the generic apache user.
So for example, if user foo logs in (using mod_authz_ldap on the backend), and fills out the form, the form should then execute the command on the server as user foo rather than user apache.
Is this possible?
More posts by @Bethany197
2 Comments
Sorted by latest first Latest Oldest Best
I had an entry made into our sudoers file to give a specific user access to run a script with no password. I don't think it's easy to dynamically set the user who's executing the script. Be careful if you edit your sudoers file to use visudo and not another editor. If it gets corrupted and you can't su just restart and drop into a root shell and remove the lines.
Typically, CGI scripts run as the user of the web server. But many(most?) web hosts use suEXEC to run CGI scripts as a different user.
However, suEXEC is typically used to run a script/program as different users based on the vhost or the user directory the program resides in. I'm not sure if it's possible to dynamically choose the user to run the program as.
But what you could do is have different copies of each program located in a different vhost or user directory, and use the authentication process to choose which copy of the program to run, effectively achieving the same thing.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.