1.

How Can I Stop My Cgi Script Reading And Writing Files As Nobody?

Answer»

CGI scripts are run by the HTTPD, and therefore by the UID of the HTTPD process, which is (by convention) usually a special user "nobody".

There are two basic ways to run a script under your own userid:

(1) The direct approach: use a setuid program.

(2) The double-server approach: have your CGI script communicate with a second process (e.g. a daemon) running under your userid, which is responsible for the actual file management.

The direct approach is usually faster, but the client-server architecture may help with other problems, such as maintaining integrity of a database.

When running a compiled CGI program (e.g. C, C++), you can make it setuid by simply setting the setuid bit:

e.g. "chmod 4755 myprog.cgi"

For security reasons, this is not possible with scripting languages (e.g. Perl, Tcl, shell). A workaround is to run them from a setuid program, such as cgiwrap.

In most cases where you'd want to use the client-server approach, the server is a finished product (such as an SQL server) with its own CGI interface.

A lightweight alternative to this is Don Libes' "expect" package.
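A sketch of the direct approach in C, added here as an example and not part of the original answer. It goes one step beyond the text: the setuid program opens the owner's file first, then permanently returns to the invoking (httpd) user before doing anything else. The path `DATA_FILE` and the function names `open_owner_file` and `drop_privileges` are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed placeholder path: a file owned by the program's owner. */
#define DATA_FILE "/home/me/data/guestbook.txt"

/* Open the owner's file while the effective uid is still the owner's.
 * The path is fixed at compile time, never taken from request input. */
int open_owner_file(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Accept only a regular file that the effective uid owns. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up the owner's identity for good: real, effective and saved ids
 * all become the caller's (the httpd user). Returns 0 on success. */
int drop_privileges(void) {
    uid_t owner = geteuid(), ruid = getuid();
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    /* If the ids differed, regaining the owner's uid must now fail. */
    if (owner != ruid && seteuid(owner) == 0) return -1;
    return 0;
}

int main(void) {
    int fd = open_owner_file(DATA_FILE);   /* privileged step, kept minimal */
    if (drop_privileges() != 0) return 1;  /* never continue with extra rights */
    printf("Content-Type: text/plain\r\n\r\n");
    if (fd < 0) { puts("cannot open data file"); return 0; }
    /* Request parsing would happen here, as the unprivileged user. */
    if (write(fd, "visit\n", 6) != 6) puts("write failed"); else puts("recorded");
    close(fd);
    return 0;
}
```

Built and installed with the `chmod 4755` shown above, only the already-open descriptor carries the owner's access once `drop_privileges` returns.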
