
RE: Secure Permissions?

by Zoogie (Curate)
on Nov 06, 2000 at 20:31 UTC

in reply to Secure Permissions?

Just thought I'd point out that Apache can also be configured to run using a suid wrapper, so that CGIs can be run in mode 700 (rwx------) or 500 (r-x------). In this configuration, the CGIs execute as the user whose account corresponds to that directory. Thus, on a system that hosts many web accounts, a user can create a set of scripts which are executable, have the same access as that user, yet are unreadable by other users on the same system. The script can also then read and write files which only the user can access (mode 600: rw-------). I'm not sure how common this setup is (so far I've only run into two servers which have Apache set up this way; both were webhosting companies).

- Zoogie
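
An added example, not part of the original post or thread: a Python audit that walks one account's CGI directory and reports files that break the scheme described above (scripts at 700 or 500, data at 600, nothing accessible to group or other). The `.cgi`/`.pl` suffix rule, the function names and the sample file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

SCRIPT_SUFFIXES = (".cgi", ".pl")   # assumption: how CGI scripts are named


def audit_cgi_tree(root, owner_uid):
    """Return sorted (relative path, problem) pairs for files under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                findings.append((rel, "not a regular file"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != owner_uid:
                findings.append((rel, "not owned by the account"))
            if mode & 0o077:                 # any group/other bit set
                findings.append((rel, "group/other access (mode %04o)" % mode))
            if name.endswith(SCRIPT_SUFFIXES) and not mode & stat.S_IXUSR:
                findings.append((rel, "script not executable by owner"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: a user's CGI directory with two mistakes in it."""
    sample = {"form.cgi": 0o700, "report.pl": 0o500, "guestbook.dat": 0o600,
              "old.cgi": 0o755, "passwords.dat": 0o644}
    for name, mode in sample.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, problem in audit_cgi_tree(tmp, os.geteuid()):
            print(rel, "-", problem)
```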

RE: RE: Secure Permissions?
by Fastolfe (Vicar) on Nov 06, 2000 at 20:43 UTC
    If you have a system where you have a bunch of users executing their own CGI scripts, you probably want to do this, to limit the amount of damage a user can do. Take it a step further and put resource/file system limits on users as well.

    Just be advised that if you're allowing users to run their own CGI scripts, you can forget about security. Odds are, they've got some insecure stuff up there, and if your system is going to be compromised, this is definitely the way I'd try and do it. Except now instead of running as a 'nobody' user or a restricted web server user, they're running as a legitimate, real user on your system, which could make it a lot easier for them to get further.
