Hi
Running perl scripts with SuExec and mod_fcgi works fine by using the
SetHandler fcgid-script Option, as described on [1].
However this has one disadvantage: SuExec requires the scripts to be
owned by the same user they should run as. From a security point of
view this is not always what we want, as this potentially allows
vandalism of the whole hosting, if a script is vulnerable.
So for PHP hostings we do it the following way: Hostings have 2 users
that share their primary group. One user is for SFTP Access, the other
one is the user that is used as a SuExec option, let's call it
"run-user". The FCGIWrapper Script is placed outside of the hosting
path and owned by the run-user and the shared group. All the scripts
uploaded by the user are owned by the sftp user. So in general scripts
can't overwrite themselves - the user needs to specifically enable the
group to have write access, to allow uploads etc.
This setup is not really possible with the "SetHandler fcgid-script"
option, as by SuExec rules the script it executes must owned by the
run-user.
So I tried to implement it the same way as I do it for PHP for perl.
But I fail to find and/or write a correct FCGIWrapper Script that
actually works. I found a couple of examples with:
--
#!/bin/sh
exec /usr/bin/perl -w
--
But they all seem to struggle with the same problem I then have:
--
[Thu Dec 08 22:14:53 2011] [warn] [client 127.0.0.1] (104)Connection
reset by peer: mod_fcgid: error reading data from FastCGI server
[Thu Dec 08 22:14:53 2011] [error] [client 127.0.0.1] Premature end of
script headers: index.pl
--
I'm not that experienced with perl, fcgi etc. But as far as I
understood this is because calling directly perl is not really a cgi
savy way, right? So quite obvious that this fails to work...
Hence my questions: Are there any alternative wrapper scripts around
that should be used in my case? Is it simply not possible to execute
perl scripts with mod_fcgid with a FCGIWrapper script? Or how could I
achieve the same setup, I have for PHP, also for perl?
Thanks for your help!
~pete
[1] https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#examples
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org