Re: User directory security
From: Gandalf Parker (gandalf_at_most.of.my.favorite.sites)
Date: Sat, 12 Jun 2004 18:03:33 GMT
those who know me have no need of my name <email@example.com>
wrote in news:firstname.lastname@example.org:
> in comp.unix.admin i read:
>>When I need to only allow my account to have access to a file, I set
>>the permissions accordingly (no ACL's on our system) and have the web
>>server access it using a CGI script called through CGIwrap:
>>This allows the web server to run my UID rather than nobody.
> cgiwrap is an excellent alternative to suexec. it can even run php
> scripts without them being `normally executable' (with a shebang line
> and with execute permission), i.e., it can remain the same sort of php
> file that `everyone' expects (starts with <? and is mode 644 or so).
I tend to think as a sysadmin upward rather than web or program downward
to the system. I find that I have more control and security if I have a
program or cgi or web-page create a file with the information in it. Then
have a CRON job look for the file in order to process it. Alot of the
more confusing security checks are not needed with that method.
-- Have you ever noticed that the Klingons are all speaking unix?
"Grep ls awk chmod." "Mknod ksh tar imap."
"Wall fsck yacc!" (that last is obviously a curse of some sort)