On May 3, 2004, at 2:22 AM, Jan Dworschak wrote:
> Ron Savage wrote:
>> On Mon, 03 May 2004 08:33:34 +0200, Jan Dworschak wrote:
>>
>> Hi Jan
>>
>>> it is no option to alter the permissions of the file!
>>
>> Either you change the file permissions or you arrange for the file owner and the web server to be in the same file permission group.
>> In the latter case, the file permissions could then be rw-r-----.
>
> in my case the file is a mailfolder or a user-specific file. And nobody has access to that file, except me (or any other user to his mailfolder). I think read-permission for the group is in that case no good choice (security problem).
>
> Is there a way to execute the cgi-script under an existing user? Then permission problems should be solved.
If your web server supports it, you could run the script setuid, but that would require a separate script for each user. Since we're talking about CGI::Application here, it would only require a separate instance script for each user, but that's still a hassle to manage if anything needs to be changed around in the instance script.
Alternatively, since you're trying to access mail files, can you get to them through a POP or IMAP interface? That way the CGI can authenticate to the POP/IMAP server--which should have permissions to read/write users' mbox files--and you get around the permissions problem.
Other than those two options, you'd have to do some fancy footwork to get it going. You could write your own server to act in place of the POP/IMAP server or write a setuid program that your CGI could talk to, but both open up a very messy can of worms from a security standpoint.
What is the function of the CGI overall? Also, what web server is this running under? A little more info might help me give you some better ideas.
-- James Sinclair
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
---------------------------------------------------------------------
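The IMAP route suggested in the reply above, sketched as a CGI::Application module. This is an added example, not code from the thread: the package name `MailView`, the host `imap.example.org`, the choice of the Mail::IMAPClient module and the form field names are all assumptions, and the page is assumed to be served over HTTPS.

```perl
#!/usr/bin/perl
# Added example: the CGI logs in to the IMAP server as the user instead of
# opening the mbox file as the web server account.
package MailView;
use strict;
use warnings;
use base 'CGI::Application';
use Mail::IMAPClient;

my $IMAP_HOST = 'imap.example.org';    # assumption: placeholder host

sub setup {
    my $self = shift;
    $self->start_mode('form');
    $self->run_modes(form => 'show_form', list => 'list_subjects');
}

sub show_form {
    return <<'HTML';
<form method="post">
<input type="hidden" name="rm" value="list">
User <input name="user"> Password <input type="password" name="pass">
<input type="submit" value="List INBOX">
</form>
HTML
}

sub list_subjects {
    my $self = shift;
    my $q    = $self->query;
    # Credentials must arrive in a POST body, never in the URL or its logs.
    return $self->show_form unless ($q->request_method // '') eq 'POST';
    # Accept only a conservative login-name alphabet before using it.
    my ($user) = ($q->param('user') // '') =~ /\A([A-Za-z0-9._-]{1,64})\z/
        or return 'Invalid user name.';
    my $pass = $q->param('pass') // '';
    # TLS on port 993; new() connects and logs in, returning undef on failure.
    my $imap = Mail::IMAPClient->new(
        Server => $IMAP_HOST, Port     => 993, Ssl => 1,
        User   => $user,      Password => $pass,
    ) or return 'Login failed.';       # generic message, no server detail
    $imap->examine('INBOX') or return 'Cannot open INBOX.';   # read-only
    my @rows = map { '<li>' . $q->escapeHTML($imap->subject($_) // '') . '</li>' }
               $imap->messages;
    $imap->logout;
    return '<ul>' . join('', @rows) . '</ul>';
}

package main;
MailView->new->run;
```

With this arrangement the mail files can stay readable by their owner only, and the web server account needs neither group membership nor setuid.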