Bewley.net HTTPD: How do I run CGI programs as their owner?

It is often necessary for a CGI program to create or modify a file on the server. This requires that the CGI have write permission where the file resides. Since the web server runs as user nobody or www it will not always have permission to modify a file. There are 2 ways to get around that.

1. Change the permissions on the file or directory to world writable. Bad! Yuck! Ptooey!

2. Create a common group between the user and the httpd user. This isn't always practical.

3. Run the CGI with the userid of the file's owner. This is recommended whether you need to write files or not. By running CGI programs as their respective owners you can greatly improve security and accountability.
   There are at least a couple of ways to accomplish this option.

   • CGIWrap - This is what you want to use if you are running a multi user site where CGI programs may be out of the document root and in users' home directories.
   • Apache suEXEC - This option is more geared toward virtual servers and can help you run all of a virtual host's CGI programs as the owner of that host.