Arshad Mahmood wrote:
> Is it possible to give access to a system user to run his perl scripts
> securly. The scenario is given below:
>
> Apache 1.3.9 web server.
> User is a system user.
> The user wants to run his own perl scripts present in his home directory
> (Basically he wants CGI progarmming by using perl).
>
> This is a big security risk that the system user can run his own perl
> scripts on the system, so he can do any thing he wants.
>
> Can it be managed securely. Any idea or any suggestions.
>
> Is there any possobilty to solve this.
See the entry "Using SetUserID Execution for CGI" in the Apache
manual.
Are you confident that your system is secure against malicious actions
by local users? If not, then you not only have to trust the user not
to be malicious, but you also have to trust him not to make any
mistakes in his CGI scripts. One mistake could give every person on
the Internet full access to his account, and some of them definitely
are malicious.
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
