I'm trying to call an executable from a PHP script that needs to be run as a different user (NOT root) than the web server normally runs as. I thought it should be sufficient to just set the setuid bit on the executable in question, as it is already owned by the user it needs to run as. However, when I do this I get this error:

The application with bundle ID (null) is running setugid(), which is not allowed

Apparently at some point Mac OS X broke the ability to run setuid programs unless you are running as root. I definitely do not want the web server to run as root or the other user!

It appears that Apple has some special hoops you have to jump through to authorize such a thing to occur - problem is, if I am understanding it correctly, this method prompts the user to enter a password or something. This obviously is not acceptable from a script run from a web server! Another potential problem is that I can't modify the executable to introduce some kind of authentication call.

Michael

0 Answers