[1634] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: CGI Scripts and Permissions

daemon@ATHENA.MIT.EDU (Liz Stokes)
Thu Mar 14 14:44:32 1996

From: Liz Stokes <ilaine@panix.com>
To: www-security@ns2.rutgers.edu
Date: Thu, 14 Mar 1996 11:51:49 -0500 (EST)
In-Reply-To: <01I28YPWJ5PKF5N8MY@dit.ie> from "KGANNON@dit.ie" at Mar 12, 96 10:57:28 am
Errors-To: owner-www-security@ns2.rutgers.edu

KGANNON@dit.ie wrote:
> 
> If these question has been asked before excuse me I am new to the game.
> 
> Has anyone had problems where they run all scripts as NOBODY (or something along those lines) and users start a war deleting each others databases,kill
> processes etc.
> 
> If anyone has a non-wrapper based solution I would be interested in hearing ther input.

I hacked our server to run scripts as the uid of the owner. It gives the
same effect as wrappers without the overhead.

-- 
Liz Stokes
webmistress@panix.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1634] in WWW Security List Archive

Re: CGI Scripts and Permissions

daemon@ATHENA.MIT.EDU (Liz Stokes)Thu Mar 14 14:44:32 1996

daemon@ATHENA.MIT.EDU (Liz Stokes)
Thu Mar 14 14:44:32 1996