Then it hit me, hard, that it should NOT have worked. Or at least I don't think it should have.
I have a site running with php 5.6 (php-fpm mode)
In /httpdocs there's a file we'll call "file.fcgi" which has standard perms and owner (ftpuser) and contains :
Code: Select all
#!/bin/sh exec /opt/directory/somefile_cgi
And as I say, it works. Accessing domain.tld/file.fcgi causes the perl script to run.
How is this possible? I realise the somefile_cgi is world executable. But how is ftpuser able to run "exec"?
Shell access is disabled for this user. I've checked /etc/passwd and the shell is /bin/false for the particular ftpuser.