# This service which allows CGI programs to be provided which do not
# run as the webserver user, but instead are owned by a particular
# other account.
#
# Similar effects can be achieved with Apache's suexec; this facility
# is for administrators who do not trust suexec and wish to defend the
# webserver from the CGI script providers, and vice versa, as much as
# possible.  This is achieved by using userv to do the cross-account
# call, rather than a custom setuid helper.
#
# This default configuration allows the webserver user to invoke
# users' CGI programs from each user's ~/public-cgi, but to allow
# external http clients to do this, the webserver will also need to be
# configured.

if ( grep service-user-shell /etc/shells
   & glob calling-user www-data
   )
	reset
	no-suppress-args
	no-set-environment
	execute /usr/local/lib/userv/cgi/target public-cgi
fi