Re: User directory security

From: Gandalf Parker (gandalf_at_most.of.my.favorite.sites)
Date: 06/12/04

    Date: Sat, 12 Jun 2004 18:03:33 GMT
    
    

    those who know me have no need of my name <not-a-real-address@usa.net>
    wrote in news:m13c516aas.gnus@usa.net:

    > in comp.unix.admin i read:
    >
    >>When I need to only allow my account to have access to a file, I set
    >>the permissions accordingly (no ACLs on our system) and have the web
    >>server access it using a CGI script called through CGIwrap:
    >>
    >>http://cgiwrap.sourceforge.net/
    >>
    >>This allows the web server to run my UID rather than nobody.
    >
    > cgiwrap is an excellent alternative to suexec. it can even run php
    > scripts without them being `normally executable' (with a shebang line
    > and with execute permission), i.e., it can remain the same sort of php
    > file that `everyone' expects (starts with <? and is mode 644 or so).
    >

    I tend to think as a sysadmin upward rather than web or program downward
    to the system. I find that I have more control and security if I have a
    program or cgi or web-page create a file with the information in it. Then
    have a CRON job look for the file in order to process it. A lot of the
    more confusing security checks are not needed with that method.

    Gandalf Parker
    -- Have you ever noticed that the Klingons are all speaking unix?
    "Grep ls awk chmod." "Mknod ksh tar imap."
    "Wall fsck yacc!" (that last is obviously a curse of some sort)


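The file-drop pattern described in the post, sketched as an added example (not code from the post or from cgiwrap): the cron side treats every dropped file as untrusted input before acting on it. The directory paths, the `req-<digits>.txt` naming and the key=value request format are assumptions made for this illustration.

```shell
#!/bin/sh
# Cron-side half of the drop-file pattern (added example, assumed layout):
#   spool dir - writable by the web user; the CGI drops req-<digits>.txt here
#   work dir  - writable only by the cron user, on the same filesystem
# Assumed request format: one key=value pair per line.
MAX_BYTES=1024

# Return 0 only if the claimed file is safe to hand to the real job.
validate_request() {
    f=$1
    case $(basename "$f") in
        req-*[!0-9]*.txt|req-.txt) return 1 ;;   # non-digit or empty id
        req-*.txt) ;;
        *) return 1 ;;
    esac
    # Regular, non-empty file only: no symlinks, FIFOs or directories.
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    size=$(wc -c < "$f")
    [ "$((size))" -le "$MAX_BYTES" ] || return 1
    # Every line must be key=value from a fixed alphabet (no shell metachars).
    ! grep -Evq '^[a-z_]+=[A-Za-z0-9_.@-]*$' "$f"
}

# Move each entry out of the web-writable directory first, then validate the
# private copy, so the name cannot be re-pointed between check and use.
process_spool() {
    spool=$1; work=$2; accepted=0
    for f in "$spool"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # empty dir: glob unmatched
        claimed=$work/$(basename "$f")
        mv -- "$f" "$claimed" 2>/dev/null || continue
        if validate_request "$claimed"; then
            accepted=$((accepted + 1))            # real processing goes here
        else
            rm -rf -- "$claimed"                  # reject: drop it, or log it
        fi
    done
    echo "$accepted"
}

# Hypothetical crontab use: process_spool.sh /var/spool/webreq /var/spool/webreq.work
if [ "$#" -eq 2 ]; then process_spool "$1" "$2"; fi
```

A writer that still holds an open descriptor can change the contents after the move; copying the bytes into a new file before validating closes that gap.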