# SuEXEC

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/SuEXEC
> Markdown URL: https://mediated.wiki/source/SuEXEC.md
> Source: https://en.wikipedia.org/wiki/SuEXEC
> Source revision: 1329544904
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{lowercase}}
{{Infobox software
| name = suEXEC
| logo = Apache HTTP server logo (2019-present).svg
| logo alt = 
| logo caption = 
| author = 
| developer = [Apache Software Foundation](/source/Apache_Software_Foundation)
| released = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| discontinued = <!-- Set to yes if software is discontinued, otherwise omit. -->
| ver layout = <!-- simple (default) or stacked -->
| latest release version = 
| latest release date = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| latest preview version = 
| latest preview date = <!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| repo = <!-- {{URL|example.org}} -->
| programming language = [C](/source/C_(programming_language))
| engine = <!-- or engines -->
| operating system = 
| platform = 
| included with = [Apache HTTP Server](/source/Apache_HTTP_Server) 
| size = 
| genre = [Apache](/source/Apache_HTTP_Server) module
| license = [Apache-2.0](/source/Apache_License)
| website = <!-- {{URL|example.org}} -->
}}
{{Portal|Free and open-source software}}
Apache '''suEXEC''' is a feature of the [Apache](/source/Apache_HTTP_Server) [web server](/source/web_server). It allows users to run [Common Gateway Interface](/source/Common_Gateway_Interface) (CGI) and [Server Side Includes](/source/Server_Side_Includes) (SSI) applications as a different user. Normally, all web server processes run as the default web server user (often wwwrun, www-data, apache or [nobody](/source/nobody_(username))). The '''suEXEC''' feature consists of a module for the web server and a [binary](/source/Executable) executable which acts as a wrapper. suEXEC was introduced in Apache 1.2 and is often included in the default Apache package provided by most [Linux distribution](/source/Linux_distribution)s.

If a client requests a CGI and suEXEC is activated, it will call the suEXEC binary which then wraps the CGI scripts and executes it under the user account of the server process (virtual host) defined in the virtual host directive.<ref name=huff />

Additionally, suEXEC perform a multi-step check on the executed CGI to ensure security for the server (including path-checks, a limit of permitted commands, etc.)<ref>[http://httpd.apache.org/docs/2.4/suexec.html apache.org - suEXEC Support]</ref>

==Example==
User "Alice" has a website including some Common Gateway Interface script files in her own <code>public_html</code> (a common web root directory name) folder, which can be accessed by <code><nowiki>https://example.com/~alice</nowiki></code>.

User "Bob" now views Alice's webpage, which requires Apache to run one of these CGI scripts.

Instead of running all scripts as "wwwrun" (which results in the need that all scripts have to be readable and executable for the "wwwrun" group if the file is owned by that group or for all users otherwise), the scripts in <code>/home/alice/public_html</code> will be wrapped using suEXEC and run with Alice's user ID resulting in higher security and eliminating the need to make the scripts readable and executable for all users or everyone in the "wwwrun" group (instead only Alice herself needs to be able to run the script).

== References==
<references>

<ref name=huff>{{cite web|last1=Miller|first1=Chris|title=Deploying PHP: mod_php? CGI/suExec? FastCGI?|date=26 September 2012 |url=https://www.huffingtonpost.com/cmiller/deploying-php-mod_pp-cgis_b_1824688.html|publisher=Huffington Post|accessdate=26 February 2015}}</ref>

</references>

== External links ==
* [https://httpd.apache.org/docs/2.4/suexec.html apache.org - suEXEC Support (Apache 2.4)]
* [https://httpd.apache.org/docs/1.3/suexec.html apache.org - suEXEC Support (Apache 1.3)] {{Webarchive|url=https://web.archive.org/web/20210419032554/https://httpd.apache.org/docs/1.3/suexec.html |date=2021-04-19 }}

HTTP Server
Category:Apache httpd modules
Category:Command-line software
Category:Computer security software
Category:Software using the Apache license
Category:Unix network-related software
Category:Unix security-related software

{{security-software-stub}}

---
Adapted from the Wikipedia article [SuEXEC](https://en.wikipedia.org/wiki/SuEXEC) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/SuEXEC?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
