Cgi permission Questions

2002-01-21 Thread Joe Bifano

Hi all,

My first time on the list.  I have been looking at the archives but am not
able to find anything on this.

I have 3 web servers, 1 development/nfs server and 2 database mysql servers
in a cluster server farm.  All sites are owned by our company so nobody will
be on the system except for me.  It is behind a firewall and a load-balancer
so it is pretty secure.

I have several domains set up on the site called test.company.com,
demo.company.com, stage.company.com and company.com.  company.com is only on
the 3 web servers and all the rest is on the development server.

I have 2 employees that will be setting up a couple of things using a cgi
script called create.pl on test.company.com.  When this script is run it has
to create new test companies or demo companies.

Here is the problem:  create.pl is owned by test and group test and has file
permissions 755.  When the create.pl script is run it becomes owner apache
and group apache and has to create new files and directories on the machine.
All of the new files and directories then become owner apache and group
apache.  I need them to stay as owner test and group test.

I have used SuExec before and know that it will call create.pl and then
become owner test rather than owner apache but would like to know if there
was a different way to do this.  The main reason for me not wanting to use
SuExec is because I want to learn and implement mod_perl and HTML::MASON for
this site down the road.

Thanks for your replies in advance.

Joe




Re: Cgi permission Questions

2002-01-21 Thread Perrin Harkins

> Here is the problem:  create.pl is owned by test and group test and has file
> permissions 755.  When the create.pl script is run it becomes owner apache
> and group apache and has to create new files and directories on the machine.
> All of the new files and directories then become owner apache and group
> apache.  I need them to stay as owner test and group test.

There is some information on SuExec in the guide:
http://thingy.kcilink.com/modperlguide/install/Is_it_possible_to_run_mod_perl_e.html

One possible solution for this with mod_perl is to run a separate server
that just handles this script, and start that server as the proper user.

- Perrin




Re: [OT] Cgi permission Questions

2002-01-21 Thread Robert Landrum

At 12:26 PM -0700 1/21/02, Joe Bifano wrote:
> Hi all,
>
> My first time on the list.  I have been looking at the archives but am not
> able to find anything on this.
>
> I have 3 web servers, 1 development/nfs server and 2 database mysql servers
> in a cluster server farm.  All sites are owned by our company so nobody will
> be on the system except for me.  It is behind a firewall and a load-balancer
> so it is pretty secure.
>
> I have several domains set up on the site called test.company.com,
> demo.company.com, stage.company.com and company.com.  company.com is only on
> the 3 web servers and all the rest is on the development server.
>
> I have 2 employees that will be setting up a couple of things using a cgi
> script called create.pl on test.company.com.  When this script is run it has
> to create new test companies or demo companies.
>
> Here is the problem:  create.pl is owned by test and group test and has file
> permissions 755.  When the create.pl script is run it becomes owner apache
> and group apache and has to create new files and directories on the machine.
> All of the new files and directories then become owner apache and group
> apache.  I need them to stay as owner test and group test.


This is a little bit off-topic, since it is about permissions and not
really about mod_perl, but here goes:

You want to use the built-in perl function chown.

chown((getpwnam('test'))[2,3],@files_to_chown);

You should not have to suexec if the files you're attempting to chown 
are owned by apache/apache.

Rob


--
When I used a Mac, they laughed because I had no command prompt. When 
I used Linux, they laughed because I had no GUI.  
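
The chown call above with its result checked, as an added example that is not part of Rob's post: chown returns the number of files it changed, and perlfunc notes that on most systems only the superuser may change a file's owner, so the return value is what shows whether the files really went to test. The helper names and the scratch file are constructed for illustration; the account name test comes from the thread.

```perl
#!/usr/bin/perl
# Added example: create a file as a CGI script would, then try to give it to
# another account and report what actually happened.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Assumption: 'test' is the account from the thread; pass another name as argv.
my $target_user = shift(@ARGV) // 'test';

# Resolve a user name to (uid, gid); empty list if the account does not exist.
sub lookup_ids {
    my ($user) = @_;
    my @pw = getpwnam($user);
    return @pw ? @pw[2, 3] : ();
}

# chown each path separately so one failure does not hide the others.
# Returns path => error text for every path whose owner was not changed.
sub chown_checked {
    my ($uid, $gid, @paths) = @_;
    my %failed;
    for my $path (@paths) {
        # chown returns the number of files changed; on 0 the reason is in $!
        chown($uid, $gid, $path) == 1 or $failed{$path} = "$!";
    }
    return %failed;
}

# Constructed sample: scratch directory and file standing in for create.pl output.
my $dir  = tempdir(CLEANUP => 1);
my $file = File::Spec->catfile($dir, 'company.conf');
open(my $fh, '>', $file) or die "cannot create $file: $!";
close($fh);

my $running_as = getpwuid($>) // $>;
printf "running as %s (euid %d); new file owned by uid %d\n",
    $running_as, $>, (stat($file))[4];

my ($uid, $gid) = lookup_ids($target_user)
    or die "no such user '$target_user' on this host\n";

my %failed = chown_checked($uid, $gid, $dir, $file);
if (%failed) {
    print "chown to $target_user failed for $_: $failed{$_}\n" for sort keys %failed;
} else {
    print "now owned by $target_user ($uid:$gid)\n";
}
```

Running it under the same account the web server uses shows what create.pl would see when it makes the same call.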



Re: Cgi permission Questions

2002-01-21 Thread oscar


- Original Message -
From: Joe Bifano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 21, 2002 8:26 PM
Subject: Cgi permission Questions


> Hi all,
>
> My first time on the list.  I have been looking at the archives but am not
> able to find anything on this.
>
> I have 3 web servers, 1 development/nfs server and 2 database mysql servers
> in a cluster server farm.  All sites are owned by our company so nobody will
> be on the system except for me.  It is behind a firewall and a load-balancer
> so it is pretty secure.
>
> I have several domains set up on the site called test.company.com,
> demo.company.com, stage.company.com and company.com.  company.com is only on
> the 3 web servers and all the rest is on the development server.
>
> I have 2 employees that will be setting up a couple of things using a cgi
> script called create.pl on test.company.com.  When this script is run it has
> to create new test companies or demo companies.
>
> Here is the problem:  create.pl is owned by test and group test and has file
> permissions 755.  When the create.pl script is run it becomes owner apache
> and group apache and has to create new files and directories on the machine.
> All of the new files and directories then become owner apache and group
> apache.  I need them to stay as owner test and group test.


Ummm, I'm not completely sure, but if you activate the suid on create.pl, then
create.pl will be executed as test and not as apache. And I think all files
create.pl creates will also be owned by test:test.
chmod u+s create.pl
That command will give create.pl the suid.




> I have used SuExec before and know that it will call create.pl and then
> become owner test rather than owner apache but would like to know if there
> was a different way to do this.  The main reason for me not wanting to use
> SuExec is because I want to learn and implement mod_perl and HTML::MASON for
> this site down the road.
>
> Thanks for your replies in advance.
>
> Joe






Re: Cgi permission Questions

2002-01-21 Thread Stephen Reppucci


On Mon, 21 Jan 2002, Joe Bifano wrote:

> Hi all,
>
> My first time on the list.  I have been looking at the archives but am not
> able to find anything on this.

Exactly.  Because this list is about perl, specifically mod_perl,
while your question is about Apache, and its configuration.

Please don't ask questions here which have no relevance.  There are
other lists that discuss these issues.

Please visit http://www.apache.org/httpd/, where there is a wealth
of great documentation put together through the effort of volunteers
to answer exactly this question.

-- 
Steve Reppucci   [EMAIL PROTECTED] |
Logical Choice Software  http://logsoft.com/ |
=-=-=-=-=-=-=-=-=-=-  My God!  What have I done?  -=-=-=-=-=-=-=-=-=-=




Re: Cgi permission Questions

2002-01-21 Thread Joe Bifano

Stephen,

I know that this is for perl and mod_perl BUT in my question, if you looked, I
specifically said that we want to upgrade and implement our site to mod_perl
using HTML::MASON.  Having said that, I wanted to make sure that if I made
some changes to my Apache setup now, I want to make sure that it will work
using our new mod_perl setup in the future.  I am pretty sure that you
cannot use SuExec with mod_perl so I wanted to find out from all the good
mod_perl programmers out there beforehand.  Who wants to set up a server
with SuExec and then set up one with mod_perl and have to change all kinds
of permission problems?  It's hard enough to change all the scripts to
mod_perl anyway.  If this has no relevance then you did not read my email or
understand it.

- Original Message -
From: Stephen Reppucci [EMAIL PROTECTED]
To: Joe Bifano [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 21, 2002 4:11 PM
Subject: Re: Cgi permission Questions



> On Mon, 21 Jan 2002, Joe Bifano wrote:
>
> > Hi all,
> >
> > My first time on the list.  I have been looking at the archives but am not
> > able to find anything on this.
>
> Exactly.  Because this list is about perl, specifically mod_perl,
> while your question is about Apache, and its configuration.
>
> Please don't ask questions here which have no relevance.  There are
> other lists that discuss these issues.
>
> Please visit http://www.apache.org/httpd/, where there is a wealth
> of great documentation put together through the effort of volunteers
> to answer exactly this question.
>
> --
> Steve Reppucci   [EMAIL PROTECTED] |
> Logical Choice Software  http://logsoft.com/ |
> =-=-=-=-=-=-=-=-=-=-  My God!  What have I done?  -=-=-=-=-=-=-=-=-=-=