Re: User directory security
From: Gandalf Parker (gandalf_at_most.of.my.favorite.sites)
Date: 06/12/04
- Previous message: Frank Slootweg: "Re: SSRT3606 rev.2 wu-ftpd off by one vulnerability"
- In reply to: those who know me have no need of my name: "Re: User directory security"
- Next in thread: Igmar Palsenberg: "Re: User directory security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 12 Jun 2004 18:03:33 GMT
those who know me have no need of my name <not-a-real-address@usa.net>
wrote in news:m13c516aas.gnus@usa.net:
> in comp.unix.admin i read:
>
>>When I need to only allow my account to have access to a file, I set
>>the permissions accordingly (no ACLs on our system) and have the web
>>server access it using a CGI script called through CGIwrap:
>>
>>http://cgiwrap.sourceforge.net/
>>
>>This allows the web server to run my UID rather than nobody.
>
> cgiwrap is an excellent alternative to suexec. it can even run php
> scripts without them being `normally executable' (with a shebang line
> and with execute permission), i.e., it can remain the same sort of php
> file that `everyone' expects (starts with <? and is mode 644 or so).
>
I tend to think as a sysadmin upward rather than web or program downward
to the system. I find that I have more control and security if I have a
program or cgi or web-page create a file with the information in it. Then
have a CRON job look for the file in order to process it. A lot of the
more confusing security checks are not needed with that method.
Gandalf Parker
-- Have you ever noticed that the Klingons are all speaking unix?
"Grep ls awk chmod." "Mknod ksh tar imap."
"Wall fsck yacc!" (that last is obviously a curse of some sort)
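
The drop-file pattern described in the message above, sketched from the cron job's side as an added example that is not part of the original post: each file written by the web process is treated as untrusted input and validated before anything acts on it. The request grammar, the size limit and the names `read_request` and `process_spool` are assumptions made for illustration.

```python
import os
import re
import stat

MAX_BYTES = 4096  # assumed upper bound for one request file
# Hypothetical request grammar: one action word and one account name.
REQUEST_RE = re.compile(r"(adduser|resetpw) ([a-z][a-z0-9_]{0,15})\n?")

def read_request(spool_fd, name, writer_uid):
    """Return (action, account) for a well-formed drop file, else None."""
    try:
        # O_NOFOLLOW refuses a symlink planted in the spool; O_NONBLOCK
        # keeps a FIFO from hanging the cron run.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=spool_fd)
    except OSError:
        return None
    try:
        st = os.fstat(fd)  # checks apply to the object actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            return None
        if st.st_uid != writer_uid or st.st_size > MAX_BYTES:
            return None
        data = os.read(fd, MAX_BYTES + 1)
    finally:
        os.close(fd)
    m = REQUEST_RE.fullmatch(data.decode("ascii", "replace"))
    return m.groups() if m else None

def process_spool(spool_dir, writer_uid):
    """One cron run: validate each file, consume it, return accepted requests."""
    accepted = []
    spool_fd = os.open(spool_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in sorted(os.listdir(spool_fd)):
            request = read_request(spool_fd, name, writer_uid)
            if request:
                accepted.append(request)  # the caller acts on these as itself
            try:
                os.unlink(name, dir_fd=spool_fd)  # rejected files go too
            except OSError:
                pass  # e.g. a subdirectory; leave it for the admin
    finally:
        os.close(spool_fd)
    return accepted
```

`writer_uid` is the UID the web server or CGI runs as, so files dropped into the spool by any other account are rejected.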