To change set the default /etc/skel files and to use useradd on linux, you need to run as root ... but the cgi code normally runs with the userid of the web server (nobody or www) and thus cannot successfully invoke the useradd command. To successfully invoke the useradd command, you could do one of the following: 1. use suid perl and set the owner as root ... but i do not know if you can run a suid perl program under modperl. (anyone? will this work?) 2. run the web server as root ... DO NOT DO THIS! ... it will cause security problems. 3. use apache suexec and set root as the owner of your cgi program, but modperl and suexec do not work together. :( your best bet for what you want to do is to use suid perl ... but it would sure be nice if suexec and modperl worked together ... especially since most cgi programs need to save data for the userid of the cgi program ... especially when virtual hosts are supported ... and shopping cart cgi programs need to save all kinds of tracking data.
in any of the above alternatives, be nice to your sys admin, since root access is needed. jim Frank Wiles wrote: > > On Mon, 18 Mar 2002 14:17:35 EST [EMAIL PROTECTED] wrote: > > > We have a product that at the moment uses a combination of CGI and mod_perl. > > While in the future it will be totally ported to mod_perl, until we figure > > out exactly how we'd like to overcome the 'expat' issues we're stuck with a > > mixed-mode enviroment. > > > > Here however is the current problem. The cgi script under a specific set of > > circumstances (signing up a new account) copies a directory using a fork to > > the system's cp command and they're created as user: apache group: apache. > > > > I'm not by nature a linux mod_perl programmer and thus I'm not totally up on > > the nuances of what I'm doing here. I needed a quick solution to copying a > > template directory to a user directory when a new user account was created, > > and since it happened only once during the user's process I figured a fork to > > cp was worth the performance hit for the simplicity it provided. Single line > > of code vs some directory recurison scheme. > > > > The problem is when I later try access the files or directories under either > > mod_perl or the cgi process the server returns an error unless I set the > > chmod to 777 on the files. This is obviously not good. > > > > I have done some looking into using $> before I write the file but I hadn't > > found anything about using this under mod_perl ... let alone mod_cgi ... > > except that generally it's a bad idea to setuid to root. um yeah ... I wasn't > > gonna do that ... I just didn't want to give the world 777 access to files > > that run under apache:apache. I also didn't want to follow bad with worse > > implimenetation wise. > > > > Is there a simple secure method for copying a directory from a template > > directory to a user directory and then giving access to the (new) user > > directory? > > You may want to look into useradd and /etc/skel on a Linux system. It > has everything you are trying to accomplish handled automatically > by using the standard Linux user creation techniques. No need to > re-implement the wheel. :) > > --------------------------------- > Frank Wiles <[EMAIL PROTECTED]> > http://frank.wiles.org > ---------------------------------
