I want to run a specific (perl) CGI script on my webserver. This works reasonable, but it would work immensely better if the CGI script would be running as the currently authenticated user.
Is there a way to do that, e.g. with a wrapper and sudo?
The virtualhost config is as follows:
DocumentRoot /path/to/script
<Directory /path/to/script>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
AuthType Basic
AuthName "Authenticate"
# This authenticates against the local NIS
PerlAuthenHandler Apache2::AuthenNIS
PerlAuthzHandler Apache2::AuthzNIS
PerlSetVar AllowAlternateAuth no
Require valid-user
</Directory>
Best Answer
What exactly is preventing your app from running this way?
It's possible to do what you're asking, but it might be a better use of your time to configure an environment where your app can run as the same user which owns the httpd processes.
You're just introducing more complexity to your environment which makes it more difficult to debug, secure, and manage.
Anyway, to answer your question: look into suEXEC -- http://httpd.apache.org/docs/2.0/suexec.html
Echoing the documentation, you're almost always better off not doing things this way.