Forgot to cc the list ... 
--- Begin Message ---
In a message dated 18-Mar-02 10:14:50 PM GMT Standard Time, [EMAIL PROTECTED] writes:


> To change set the default /etc/skel files and to use useradd on linux,
> you need to run as root ... but the cgi code normally runs with the
> userid of the web server (nobody or www) and thus cannot successfully
> invoke the useradd command.
> To successfully invoke the useradd command, you could do one of
> the following:
> 1. use suid perl and set the owner as root ... but I do not know if you
>    can run a suid perl program under modperl.  (anyone? will this work?)


I think this is roughly my original question ... I didn't find a definitive answer in the guide or several Google searches. And I was fairly sure that the eagle book didn't cover it ... I've heavily used the eagle book since the start of this project since it's my first foray into the world of true mod_perl ... and I don't remember seeing anything like this in there.

> 2. run the web server as root ... DO NOT DO THIS! ... it will cause
>    security problems.


Part of my concern is that we're going to have a security audit of our program after some initial beta testing. I know I'm faulty where security is concerned and I'm starting to try and lock down the obvious holes ... like having 777 files. Lord knows I don't want to have the server running as root on top of this.

> 3. use apache suexec and set root as the owner of your cgi program,
>    but modperl and suexec do not work together. :(


Exactly, and the goal is to eventually be totally mod_perl ... as soon as I get a chance to figure out a clean path around the expat issues. Somehow I can't see telling clients they need to re-compile apache as a solution; I think they'd see not purchasing our product as a solution.

> In any of the above alternatives, be nice to your sys admin, since
> root access is needed.


Heh ... I am the sysadmin ... or at least in this rare instance I have the same effective control over the box. Thanks for the suggestions but as I said adding new users to the box isn't the solution I was hoping for ... and it seems to be fraught with all of the same problems I'm currently having ...

-Chris
--- End Message ---

