X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=www-cgi%2Fwww-cgi;h=364f7e526a08aca607d564ef9025f1b90a3ab4d1;hb=186ea161e7d144dd8e3791f174a7173e2f399346;hp=9b90786d35fc4539ddf114155b14708447239d9d;hpb=0e397d0be8cd0f6e57cb7b78dada83a30261fb73;p=userv-utils.git

diff --git a/www-cgi/www-cgi b/www-cgi/www-cgi
index 9b90786..364f7e5 100644
--- a/www-cgi/www-cgi
+++ b/www-cgi/www-cgi
@@ -1,8 +1,23 @@
+# This service which allows CGI programs to be provided which do not
+# run as the webserver user, but instead are owned by a particular
+# other account.
+#
+# Similar effects can be achieved with Apache's suexec; this facility
+# is for administrators who do not trust suexec and wish to defend the
+# webserver from the CGI script providers, and vice versa, as much as
+# possible.  This is achieved by using userv to do the cross-account
+# call, rather than a custom setuid helper.
+#
+# This default configuration allows the webserver user to invoke
+# users' CGI programs from each user's ~/public-cgi, but to allow
+# external http clients to do this, the webserver will also need to be
+# configured.
+
 if ( grep service-user-shell /etc/shells
    & glob calling-user www-data
    )
 	reset
 	no-suppress-args
 	no-set-environment
-	execute /usr/local/lib/user-cgi/target public-cgi
+	execute /usr/local/lib/userv/cgi/target public-cgi
 fi