> i am fairly confident that the camel book knows what it's
> talking about. i would re-check that test that you tried,
> or post it here, so we can gnaw on it.
> > I have a program (that's going to be run either under
> > Apache::Registry or eventually transmuted into a mod_perl doohickey) that
> > needs, for part of its life cycle, to do something _as_ a particular
> > user. Well, which user it is will change on a per-invocation basis
> > but that is doable via mod_rewrite and @ARGV or something.
> >
> > I looked in the camel book and it recommended forking off a child
> > process and changing the UID et al. within the child process. The
> > child process then does whatever with its lower, presumably safer
> > set of permissions and whatnot, with its output going back to the
> > parent process. Problem is, a quick test script I wrote up to try this
> > doesn't work. ???
> >
> > To recap:
> >
> > 1) script that's going to be run by nobody (i.e. Apache/perl)
> > 2) needs to run at some point as (fill in user name here)
> >
> >
> > I thought about using (cgiwrap || suEXEC), but that has its own
> > set of nasty headaches. Maybe there is some subtle Unix jujitsu I can
> > whip on it outside of the bounds of perl?
that's what cgiwrap and suEXEC do -- the subtle Unix jujitsu.
I don't think I could put the amount of thought into a wrapper that they
already have, so I wouldn't try to reinvent, but if you want to go that
route, here are some things to consider:
first, to change UID, you must be running as root already.
Which means in the context of running a CGI, you must get from nobody to
root and then to your target UID, protecting yourself while you're in root
from malicious use.
> >
> > A six-pack of whatever your fav beer at HEB is to whoever
> > knows the answer to this bagbiter problem. Or something else if (you.age
> > < 21).
> >
> > If you would like me to post the sample code I will. Thanks in
> > advance.
> >
> > Mike
> >
> > *****************Michael Orion Jackson******************
> > ***********TAMS Class of 96/UT Class of 200?************
> > *********************Random Quote:**********************
> > *Mnemonic | Operator Type | Operators *
> > *Ulcer Unary + - ++ -- [etc.] *
> > *Addicts Arithmetic (& shift) * / % + - << >> *
> > *Really Relational > < >= <= == != *
> > *Like Logical & Bitwise && || & | ^ *
> > *C Conditional (ternary) A > B ? X : Y *
> > *A lot Assignment = += -= *= [etc.] *
> > * From "Thinking in Java" by Bruce Eckel :^) *
> > ********************************************************
> >
> >
> ---------------------------------------------------------------------------
> > Send administrative requests to [EMAIL PROTECTED]
> --
> tom carlile [EMAIL PROTECTED]
> professional systems wrangler http://sacrilege.org
--
_____________________ _ _ _________________________
Michael Rice |_| Collective |_| http://www.colltech.com
[EMAIL PROTECTED] |_ Technologies _| 8009464646/1481714 pager
Consultant [] [] "The Power Of Many Minds"
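
The fork-and-drop pattern discussed in this thread, as an added example that is not code from either poster or from the camel book. It shows why the parent must already be root, and the order in which the child gives up groups and UID before sending output back over a pipe. The default account name, the exit codes and the "report identity" line standing in for the real work are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setuid setgid getuid geteuid getgid getegid _exit);

# Assumption: the account name is the first argument; "nobody" is a sample default.
my $target = shift(@ARGV) // 'nobody';
my ($uid, $gid) = (getpwnam($target))[2, 3];
defined $uid or die "unknown user '$target'\n";
$uid != 0    or die "refusing to do the work as root\n";

# Only root may switch to an arbitrary UID, so a process already running
# as an unprivileged user (such as Apache's "nobody") stops here.
geteuid() == 0 or die "effective UID is " . geteuid() . ", cannot change UID\n";

pipe(my $reader, my $writer) or die "pipe: $!\n";
defined(my $pid = fork())    or die "fork: $!\n";

if ($pid == 0) {                          # child: drop privileges, then work
    close $reader;
    $! = 0;
    $) = "$gid $gid";                     # egid plus setgroups() to the target GID only
    _exit(110) if $!;
    setgid($gid) or _exit(111);           # groups before UID: afterwards we lack the right
    setuid($uid) or _exit(112);           # as root this sets real, effective and saved UID
    # Confirm the drop took effect and cannot be undone.
    _exit(113) unless getuid() == $uid && geteuid() == $uid;
    _exit(114) unless getgid() == $gid && getegid() == $gid;
    _exit(115) if setuid(0);              # regaining root must fail
    %ENV = (PATH => '/usr/bin:/bin');     # do not pass the parent's environment along
    chdir '/' or _exit(116);
    # Stand-in for the real work: report the identity the child now has.
    print {$writer} "uid=", getuid(), " gid=", getgid(), "\n";
    close $writer;                        # flush before _exit, which skips buffers
    _exit(0);
}

close $writer;                            # parent keeps only the read end
my @output = <$reader>;
close $reader;
waitpid($pid, 0);
my $status = $? >> 8;
die "child failed while dropping privileges (exit $status)\n" if $status;
print "child said: $_" for @output;
```

Started as root, the parent prints the child's reduced uid and gid; started as any other user it dies at the effective-UID check, which is the situation a script under Apache is in.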