"Jason A. Booth" <[EMAIL PROTECTED]> writes: > I have never used suexec, but I would think it better to > chown root:apache /usr/sbin/suexec2 > or whatever group needs it as apposed to making it world executable
I thought it might be a nasty security problem too and asked about it on the apache list. An experienced poster there told me it made very little if any difference which way you went since the users who can use suexec are compiled in at build time. Having it world executable still wouldn't allow some nefarous intruder to run it. But I still felt more comfortable with `root apache' and have since set it that way. A few people have mentioned not having used Suexec making me wonder if there is some other way to allow myuser to run cgi? -- gentoo-user@gentoo.org mailing list
