Your skill will accomplish what the force of many cannot |
|
PerlMonks |
Re: Yet Another Security Questionby cLive ;-) (Prior) |
on Jun 24, 2001 at 01:03 UTC ( [id://91004]=note: print w/replies, xml ) | Need Help?? |
Hmmm. But if I am another user on this box, I can set up a cgi script to update this data, because my cgi script is also run by the server as nobody. Yes?
If you have root access or a friendly sysadmin, ask them to install cgiwrap. Then you can run scripts as yourself, and set datafile permissions to 600. The cobalt RaQ servers come with cgiwrap seamlessly installed (not a plug, have had both good and bad experiences with these). Alternatively, you can set the effective uid of the script with chmod u+s (I'm sure there are tutorials - I'm a little fuzzy on this as I use cgiwrap). Or write a C wrapper for the script and suid that (more robust for scripts that use system or backticks I think - but again, I'm not sure about this either, so look around). .02 cLive ;-)
In Section
Seekers of Perl Wisdom
|
|