Avoid giving advice that's bad for security, as per SF bug #823515

diff --git a/Doc/lib/libcgi.tex b/Doc/lib/libcgi.tex
index 055f66cafa213195189af056c9c3fa1c1d781b89..add322d584f51aa5161ec07889204c180888d841 100644 (file)
--- a/Doc/lib/libcgi.tex
+++ b/Doc/lib/libcgi.tex
@@ -598,7 +598,9 @@ Usually, this means using absolute path names --- \envvar{PATH} is
 usually not set to a very useful value in a CGI script.
 
 \item When reading or writing external files, make sure they can be read
-or written by every user on the system.
+or written by the userid under which your CGI script will be running:
+this is typically the userid under which the web server is running, or some
+explicitly specified userid for a web server's \samp{suexec} feature.
 
 \item Don't try to give a CGI script a set-uid mode.  This doesn't work on
 most systems, and is a security liability as well.