HUC Web Services.


SuExec: What it is & how it affects your CGI Scripts

HUC Web Services has enabled SuExec on all servers. This is turned on for security purposes and will not be turned off.

"What is SuExec?" is probably a question you are asking yourself. For apache's official explanation:

If you don't feel like reading through that and just want a friendlier version, SuExec is security and convenience (after you get used to it of course). All processes on a machine run as a user. Normally with cgi/perl scripts, the user used is nobody. With SuExec however, the user becomes you. SuExec allows the script to run as you and access files as you could if you were to access the files from FTP. When SuExec is not enabled, you would have to give world writable/readable permissions on files which isn't safe as that would mean anyone's script on the same server would be able to read/write to that file. SuExec enabled means that users' scripts can only access and manipulate the user's files, not someone else's.

How does this affect your CGI/Perl scripts?
Many of your script's instructions will tell you to change permissions on directories the script needs to write to, to 777 (drwxrwxrwx) and files to 777 (_rwxrwxrwx) or 666 (_rw_rw_rw_). SuExec will not let scripts run or access files that have those permissions or are in directories with those permissions (as they are insecure like that). Instead, any time a script tells you to change permissions to that, make the permissions for the file or directory to 755 (_rwxr_xr_x), and not what the instructions say to. Most instructions for cgi and perl scripts are made for those people on servers not running SuExec, but since you are, you have to do things like permissions a little differently.

Was this answer helpful?

Quick Navigation

Client Login


Follow Us on Twitter