Problem

You want to make your Movable Type system more secure with suexec or cgiwrap.

Solution

Run the system under cgiwrap or suexec.

Discussion

cgiwrap and suexec are special tools on the web server that allow your CGI scripts to be executed as "you", rather than as the web server. This simplifies Movable Type installation, because you no longer have to set permissions on your weblog or db directories, although you still need to set the permissions on the CGI scripts themselves. It is also more secure, because your weblog directories will be writeable only by you.

You may need to check with your hosting provider or system adminstrator to determine if your server has either of these tools installed. Movable Type can make a guess as to whether it is supported while verifying requirements. When you run mt-check.cgi, under the line reporting the version of Perl on your server, look for a line that says

    (Probably) running under cgiwrap or suexec

This indicates that your server probably has cgiwrap or suexec installed. This is not a guarantee though.

To enable the heightened security that cgiwrap and suexec provide, add the following lines to your mt-config.cgi file:

    DBUmask 0022
    HTMLUmask 0022
    UploadUmask 0022
    DirUmask 0022