CGI support - Sorry to bring it up

Francis Daly francis at daoine.org
Mon May 12 23:34:30 UTC 2014


On Thu, May 08, 2014 at 03:11:24PM +0100, Lyle wrote:

Hi there,

> For some of our old Perl CGI scripts we've hit the issue I'm sure
> most of you are familiar with. I've searched for solutions and have
> found a number, all of which have various caveats. It's unclear as
> to what they best way to deal with this is. Along with plain CGI
> (and fastcgi) suexec is an important security feature to ensure that
> compromised scripts don't have permission to wreak havoc on other
> user accounts, and run things with tight permissions (along with
> sorting our FTP script upload issues you can have).

I may be being slow here, but: what's the specific issue you're concerned
about?

suexec is a way for a (CGI) script-processing server to run scripts
under a separate user account.

nginx doesn't do CGI.

nginx does most kinds of "active" content by being a client to another
server which actually does the work. That server could run suexec,
I suppose, or it could run everything under a separate user account.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list