Aptilis manual: User wrapping (suExec)

User wrapping (suExec)		Advanced topics

1. Introduction
2. How to do it

1. Introduction
(This is a UNIX only feature).
Depending on how your Web server is setup, you may find that all the files your scripts write (By using the saveFile command for example) are written by someone oddly named 'nobody'. This happens to CGI scripts, and it's not a problem until you want to download or upload those files with FTP or you want to access them with vi.
It is not only annoying, it is also quite dangerous:
other users of the same sever may read, write or even delete the files your script has written. On top of that you have to allow your target directory to be written to by anyone so that 'nobody' can also save the files in there.
That leaves your space open to anyone else having access to the server to pour tons of data in your space...

This happens because the system administrator has set up the web server to run as user 'nobody' to minimize security risks.
(I won't elaborate on the pros and cons of that approach)
In other words, when someone on the web fills a form on your web site, hits [submit] and runs a script, the script is not run by 'you', but by the web server software acting as user 'nobody'.

The solution to this is to enable user wrapping. You can use things such as CGI-wrap if you want to, but aptilis has a built in mechanism to do the same thing. So that when an aptilis script is run, it runs with the same permissions as it's owner's (yours).

2. How to do it
Setting up aptilis to use the wrapping facility is straightforward, but you need to have administrator rights to do it. If you don't, then you'll have to beg him/her to do so. If you are a system administrator make your mind up when you install aptilis the first time: when users have thousands of files written by 'nobody', enabling wrapping will break their scripts, suddenly unable to read the very files they have written in a former life...
To enable wrapping, the aptilis interpreter should have both the sUID and the gUID bits set, and it should belong to user and group 'root'. You do that with the commands:

chown root aptilis.exe
chgrp root aptilis.exe
chmod 6755 aptilis.exe

chown root aptilis-run.exe
chgrp root aptilis-run.exe
chmod 6755 aptilis-run.exe (The one that runs aptilis p-code)
as opposed to:
chmod 755 aptilis.exe (to make it a simple executable)

Warning: You have to have logged in as root for these to work!

When this has been done, aptilis will run as the user owning the aptilis script. Note that in order to run a script as 'Root', both real user ID and effective user ID AND both real group ID and effective group ID have to be root. In other words, unless your web server is itself running as root -and that's a major security risk, a CGI script can never run as root. To run a script as root you need to do it from the command line having logged in as root.

The way aptilis does things is sure easier to set-up and faster than CGI-wrap (CGI-wrap is an extra piece of software called by the web browser. CGI-wrap then calls your script and it's interpreter with the desired permissions). However, since CGI-wrap is a tad more fussy on security, you might still want to use it instead of using the built-in wrapping in aptilis. This is Okay, just remember to not set the sUID and the gUID bits on the aptilis file permissions.