http://qs321.pair.com?node_id=186505


in reply to Re: (newrisedesigns) permissions and apache
in thread permissions and apache

Perhaps some elaboration...
Currently, the website updates itself every night at midnight through cron. My site isn't just a "hi, I'm cidaris, this is a 3MB bmp of my dog".
Every day, there are between 30 and 100 new pieces of content to add, and the HTML must be generated for it.
Think of a high-end porn site, without the pictures. Stock photo kind of stuff.
Lots of content, fairly organizational.
Lately, I've been aching for some customization. I built a MySQL database to house all the variable info, like table schemes, color schemes, individual images, applicable holidays, etc.
I know this is just screaming "use a templating system!" but I didn't.
The program is done, I just want to run it from the web now, instead of in cron.
I want my admins to be able to go to a page, specify with radio buttons all the options they want, and click 'Go' and the program builds them a site.
So, as is, a script which people call from the web lets them select all these options, change info, update the database, etc.
Once they hit submit on the final "OK, we're all done" page, it calls the site generation program with a single argument, the primary key for the appropriate database table.

The problem is that since the generator program is writing pages in the /htdocs/ folder, it must have better permissions than 'nobody'.
But since Apache (which I've set to run as 'nobody', in accordance with what nearly every security discussion agrees on) calls it, it now has 'nobody' permissions and hence cannot write to htdocs.

I have looked into sudo, and it's looking like that may be the solution. Originally, someone pointed me to CGIWrap, but its documentation is somewhat sparse.

So, like all (s/wise/lazy/) men, I thought to inquire before I embarked on some large, 3rd party-heavy solution.

Hopefully, I can find some answers.
cidaris
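
One way to make the call described in the post above through sudo, as an added example that is not part of cidaris's post or the thread. The account name `sitegen`, the generator path `/usr/local/bin/build_site` and the sudoers entry in the comment are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed names (not from the post): account "sitegen" owns htdocs and
# /usr/local/bin/build_site is the generator. Assumed sudoers entry:
#   nobody ALL=(sitegen) NOPASSWD: /usr/local/bin/build_site
my $SUDO      = '/usr/bin/sudo';
my $GENERATOR = '/usr/local/bin/build_site';
my $RUN_AS    = 'sitegen';

# Give the child a fixed, minimal environment instead of the CGI one.
%ENV = (PATH => '/usr/bin:/bin');

# Accept only a plain positive integer primary key, nothing else.
sub valid_key {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([1-9][0-9]{0,9})\z/ ? $1 : undef;
}

# Build the argument vector. List form means no shell ever parses the key.
sub build_command {
    my ($key) = @_;
    return ($SUDO, '-n', '-u', $RUN_AS, $GENERATOR, $key);
}

# Called from the final "OK, we're all done" handler with the submitted key.
sub run_generator {
    my ($raw) = @_;
    my $key = valid_key($raw);
    return (0, 'rejected: key must be a positive integer') unless defined $key;
    my $rc = system { $SUDO } build_command($key);
    return (0, "could not start sudo: $!") if $rc == -1;
    return $rc == 0 ? (1, "built site for key $key")
                    : (0, 'generator failed, exit status ' . ($rc >> 8));
}

# Constructed sample inputs: one good key and several a form could submit.
# Only the validation runs here, so the demo works without sudo configured.
for my $input ('42', '42; id', '../7', '', '007') {
    my $key = valid_key($input);
    printf "%-10s => %s\n", "'$input'", defined $key ? "accept $key" : 'reject';
}
```

The sudoers entry above does not constrain arguments, so the generator should apply the same integer check to its own argument before touching the database or the filesystem.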