Date: Thu, 5 Sep 1996 08:45:54 -0400 (EDT) From: Branson Matheson <branson@widomaker.com> To: Paul Walsh <paul@nation-net.com> Cc: questions@freebsd.org Subject: Re: suidperl from httpd not working Message-ID: <Pine.BSF.3.91.960905084327.10716A-100000@garion.hq.ferg.com> In-Reply-To: <322EC149.F3D@nation-net.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 5 Sep 1996, Paul Walsh wrote: > Is there any way an httpd user (nobody) can run a setuid perl script through > cgi? Does it have to be a 'real' user. This is a bad idea security wise. It would be much better if you were to create a seperate user/httpd pair and run it like that. For instance, I am using a DNS Perl program that handles my DNS maps for me. It has a web interface, so I create a user called nsadmin and a group nsadmin. I make all the relevant files owned by that pair and run httpd as that user. For things that have to be done as root, ( named.restart ) , I use a cronjob that checks to see if a .reboot file exists. -branson ============================================================================= Branson Matheson | Ferguson Enterprises | If Pete and Repeat were System Administrator | W: (804) 874-7795 | sittin on a fence and Pete Unix, Perl, WWW | branson@widomaker.com | fell off, who is left?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960905084327.10716A-100000>