GSEXEC(8)                       GridSite Manual                      GSEXEC(8)

NAME

       gsexec - Switch user before executing external programs

SYNOPSIS

       gsexec [-V]

SUMMARY

       gsexec is used by the Apache HTTP Server to switch to another user
       before executing CGI programs. In order to achieve this, it must run as
       root. Since the HTTP daemon normally doesn't run as root, the gsexec
       executable needs the setuid bit set and must be owned by root. It
       should never be writable by anyone other than root.

       gsexec is based on Apache's suexec, and its behaviour is controlled
       with the Apache configuration file directives GridSiteExecMethod and
       GridSiteUserGroup, added to Apache by mod_gridsite(8). Four execution
       methods are supported: nosetuid, suexec, X509DN and directory, and
       these may be set on a per-directory basis within the Apache
       configuration file.

NOSETUID METHOD

       This is the default behaviour, but can also be produced by giving
       GridSiteExecMethod nosetuid.

       CGI programs will then be executed without using gsexec, and will run
       as the Unix user given by the User and Group Apache directives
       (normally apache.apache on Red Hat derived systems).

SUEXEC METHOD

       If GridSiteExecMethod suexec is given for this virtual host or
       directory, then CGI programs will be executed using the user and group
       given by the GridSiteUserGroup user group directive, which may also be
       set on a per-directory basis (unlike suexec's SuexecUserGroup, which is
       per-server only). The CGI program must be owned either by root, by the
       Apache user and group specified at gsexec build-time (normally
       apache.apache), or by the user and group given with the
       GridSiteUserGroup directive.

X509DN METHOD

       If GridSiteExecMethod X509DN is given, then the CGI program runs as a
       pool user, determined using lock files in the exec mapping directory
       chosen at build time of gsexec. The pool user is chosen according to
       the client's full certificate X.509 DN (i.e. with any trailing GSI
       proxy name components stripped off). Subsequent requests by the same
       X.509 identity will be mapped to the same pool user. The CGI program
       must be owned either by root, by the Apache user and group specified at
       gsexec build-time (normally apache.apache), or by the pool user
       selected.

DIRECTORY METHOD

       If GridSiteExecMethod directory is given, then the CGI program runs as
       a pool user chosen according to the directory in which the CGI is
       located: all CGIs in that directory run as the same pool user. The CGI
       program must be owned either by root, by the Apache user and group
       specified at gsexec build-time (normally apache.apache), or by the pool
       user selected.

EXECMAPDIR

       The default exec mapping directory is /var/www/execmapdir and this is
       fixed when the gsexec executable is built. The exec mapping directory
       and all of its lock files must be owned and only writable by root. To
       initialise the lock files, create an empty lock file for each pool
       user, with the pool username as the filename (e.g. user0001, user0002,
       ...). As the pool users are leased to X.509 identities or directories,
       they will become hard linked to lock files with the URL-encoded X.509
       DN or full directory path.

       You can recycle pool users by removing the corresponding URL-encoded
       hard link. stat(1) and ls(1) with option -i can be used to print the
       inodes of lock files to match up the hard links.

       However, you must ensure that all files and processes owned by the pool
       user are deleted before recycling!
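
       The lock-file bookkeeping described above, as an added example (not
       part of the GridSite manual or code): shell functions that pair each
       pool user with its URL-encoded lease by inode, check ownership and
       write bits in the mapping directory, and list what a pool user still
       owns before its lease is recycled. The user[0-9]* naming pattern, the
       sample DN and the search roots are assumptions.

```shell
#!/bin/sh
# Added example, not GridSite code. The user[0-9]* pool name pattern and the
# sample DN in make_sample are assumptions constructed for this example.

inode_of() { ls -di "$1" | awk '{print $1}'; }

# Print "pooluser<TAB>lease" for each URL-encoded hard link that shares an
# inode with a pool lock file; an unleased pool user prints "pooluser<TAB>-".
list_leases() {
    dir=$1
    for lock in "$dir"/user[0-9]*; do
        [ -f "$lock" ] || continue
        want=$(inode_of "$lock"); found=0
        for f in "$dir"/*; do
            case ${f##*/} in user[0-9]*) continue ;; esac
            [ "$(inode_of "$f")" = "$want" ] || continue
            printf '%s\t%s\n' "${lock##*/}" "${f##*/}"; found=1
        done
        [ "$found" -eq 1 ] || printf '%s\t-\n' "${lock##*/}"
    done
}

# Print the directory or any entry in it that is not owned by the expected
# owner (default root) or is group/other writable; return 1 if any is found.
audit_perms() {
    bad=$(find "$1" -maxdepth 1 \( ! -user "${2:-root}" -o -perm -020 \
        -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"; return 1
}

# Print processes and files (under the given search roots) still owned by a
# pool user; empty output means nothing blocks recycling that lease.
recycle_blockers() {
    user=$1; shift
    ps -o pid= -u "$user" 2>/dev/null | sed 's/^ */process /'
    find "$@" -xdev -user "$user" -print 2>/dev/null | sed 's/^/file /'
}

# Constructed sample: two pool users, user0001 leased to a made-up DN.
make_sample() {
    umask 022
    d=$(mktemp -d) && chmod 755 "$d" && : > "$d/user0001" && : > "$d/user0002" &&
        ln "$d/user0001" "$d/%2FC%3DUK%2FO%3DExample%2FCN%3Dalice" && echo "$d"
}

d=$(make_sample) && list_leases "$d"; rm -rf "$d"
```

       On a real host, run audit_perms against the exec mapping directory as
       root, and remove a lease link only when recycle_blockers prints
       nothing for that pool user.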

OPTIONS

       -V     If you are root, this option displays the compile options of
              gsexec. For security reasons all configuration options are
              changeable only at compile time.

MORE INFORMATION

       For further information about the concepts and the security model of
       the original Apache suexec please refer to the suexec documentation:

       http://httpd.apache.org/docs-2.0/suexec.html

       For examples using the gsexec extensions, please see the GridSite
       gsexec page:

       http://www.gridsite.org/wiki/Gsexec

AUTHORS

       Apache project, for original suexec

       Andrew McNab <Andrew.McNab@manchester.ac.uk> for gsexec modifications.

       gsexec is part of GridSite: http://www.gridsite.org/

SEE ALSO

       httpd(8), suexec(8), mod_gridsite(8)

gsexec                           October 2005                        GSEXEC(8)