+# This service which allows CGI programs to be provided which do not
+# run as the webserver user, but instead are owned by a particular
+# other account.
+#
+# Similar effects can be achieved with Apache's suexec; this facility
+# is for administrators who do not trust suexec and wish to defend the
+# webserver from the CGI script providers, and vice versa, as much as
+# possible. This is achieved by using userv to do the cross-account
+# call, rather than a custom setuid helper.
+#
+# This default configuration allows the webserver user to invoke
+# users' CGI programs from each user's ~/public-cgi, but to allow
+# external http clients to do this, the webserver will also need to be
+# configured.
+
if ( grep service-user-shell /etc/shells
& glob calling-user www-data
)
reset
no-suppress-args
no-set-environment
- execute /usr/local/lib/user-cgi/target public-cgi
+ execute /usr/local/lib/userv/cgi/target public-cgi
fi