Apache && CGI && uid || back to cern?

Apache && CGI && uid || back to cern?

Post by Andres Cvitkovi » Sat, 16 Nov 1996 04:00:00



Hi,

I just migrated my host's web server from cern httpd to apache 1.1.1
(host os linux) and got it up and running quite fast and quite fine.

BUT there is one job that seems to make problems to get done with apache:

I want to allow some of the users (not all, not generally) to write
CGI scripts that get executed under their own user-id. Example:

http://atpforest/cgi-bin/date.sh     is being executed with uid www:users
http://atpforest/~ac/cgi/date.sh     is being executed with uid ac:users

(date.sh being a simple shell script giving you the host's date and time)
With CERN, I could do this with a Protection/Protect/Exec statement and
.www_acl in the user's cgi dir. With Apache, this seems to be possible
only by writing a script running as root doing the job, or is there
another way (the docs don't tell...) ?

greets, ac.-
---

ps. what does the line
  ---

  ---
  try to tell me (happens when I try to post an article from the atpforest
  host instead of this one)? Which file has to be set to make tin work
  again? (/etc/NNTPSERVER is set correctly)

------------------------------------------------------------
andres cvitkovich - vienna university of technology, austria

www: http://atpforest.tuwien.ac.at/~ac/

 
 
 

Apache && CGI && uid || back to cern?

Post by Hussein Sulem » Fri, 22 Nov 1996 04:00:00



>I want to allow some of the users (not all, not generally) to write
>CGI scripts that get executed under their own user-id. Example:

try cgiwrap. i used it on successfully on NCSA httpd and Apache.

its a wrapper for all scrpts that changes the userid:groupid before
running the script.

i cant remember the original location but you should be able to archie
search for it. if you cant find it try
ftp://elf.udw.ac.za/pub/cgiwrap-3.22.tar.gz

ttfn

hussein

 
 
 

Apache && CGI && uid || back to cern?

Post by Nathan Neuling » Fri, 22 Nov 1996 04:00:00


You could install cgiwrap:

ftp://ftp.cc.umr.edu/pub/cgi/cgiwrap/

http://www.umr.edu/~cgiwrap/

That is basically the setid-root script that handles security checks and
setuid to the user.

-- Nathan


| Hi,
|
| I just migrated my host's web server from cern httpd to apache 1.1.1
| (host os linux) and got it up and running quite fast and quite fine.
|
| BUT there is one job that seems to make problems to get done with apache:
|
| I want to allow some of the users (not all, not generally) to write
| CGI scripts that get executed under their own user-id. Example:
|
| http://atpforest/cgi-bin/date.sh     is being executed with uid www:users
| http://atpforest/~ac/cgi/date.sh     is being executed with uid ac:users
|
| (date.sh being a simple shell script giving you the host's date and time)
| With CERN, I could do this with a Protection/Protect/Exec statement and
| .www_acl in the user's cgi dir. With Apache, this seems to be possible
| only by writing a script running as root doing the job, or is there
| another way (the docs don't tell...) ?
|
|
| greets, ac.-
| ---
|
| ps. what does the line
|   ---

|   ---
|   try to tell me (happens when I try to post an article from the atpforest
|   host instead of this one)? Which file has to be set to make tin work
|   again? (/etc/NNTPSERVER is set correctly)
|
|
| ------------------------------------------------------------
| andres cvitkovich - vienna university of technology, austria

| www: http://atpforest.tuwien.ac.at/~ac/

------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla

WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org