Todd W wrote:
>
>
> David Gerler wrote:
>
>> How do I make a script run as a specific user.
>>
<snip />
>> When I say that it runs as nobody, I mean that the file output from
>> the pipe is owned by "nobody".
>> Can anyone shed any light on this? How can I make the file run as my
>> user? Alternately, how do I make it chown the file to me. This is on a
>> virtual host server.
>>
>
> This is a reply to the group rather than just you, but when shopping for
> virtual web space, be sure your provider runs a wrapper program like
> suEXEC or cgi-wrap or something. Actully, the only wrapper I reccommend
> is suEXEC. What this does is change the permissions a script runs as to
> the permissions of the script's owner. That way, you can leave your cgi
> programs 700 and the text files (and directories) you write to 600. This
> secures your data very tightly.
>
I was thinking more about the setuid wrapper than I was permissions and
gave a bit of bad advice about them. Here are the permission settings I
use (in terms of chmod):
all static web files (html, pdf, txt, jpg, etc): 644
all directories: 711
set all .cgi programs: 700
all data files used by the .cgi programs: 600
This way no other accounts on the machine can access the files I
wouldn't ever want them to see.
Todd W.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]