now I see. thank you.

On Mon, Aug 22, 2011 at 5:56 PM, Nathan Neulinger <nneul@neulinger.org> wrote:
No - the whole point is to run the scripts with individual user level permissions. You probably should seek some assistance from a knowledgeable admin for how to do it securely.

For limited admin functionality, you most likely will want to use sudo with a NOPASSWD entry for the SPECIFIC commands that you want to use from the cgi script, but even with that you need to be very careful with how you do it or you're going to open up security holes.

-- Nathan


On 08/22/2011 08:23 AM, Ali Ghanavatian wrote:
allright, correct me if I'm wrong: I can't run a perl/script which executes "/sbin/*" stuff like "/sbin/iptables" using
this wrapper, unless I change the owner of all "cgi-bin/*" scripts to "root".


On Mon, Aug 22, 2011 at 5:47 PM, Nathan Neulinger <nneul@neulinger.org <mailto:nneul@neulinger.org>> wrote:

   Mainly stuff like whether the script is setuid, or has improper permissions (i.e. 777) or isn't owned by the same
   user as the account it would be running as.

   -- Nathan

   On 08/19/2011 08:55 PM, Ali Ghanavatian wrote:

       Hello world!
       I just found cgiwrapper, I was reading this page. at the end of first paragraph it says "...In addition, several
       security checks are performed on the script, which will not be executed if any checks fail. "

       I counld'nt find anything about those "security checks". i'd appreciate it if you guys help me with a link or
       any details.

       --
         Sincerely
       A. Ghanavatian <http://www.google.com/__profiles/ghanavatian.ali <http://www.google.com/profiles/ghanavatian.ali>>




       ------------------------------__------------------------------__------------------
       Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
       user administration capabilities and model configuration. Take
       the hassle out of deploying and managing Subversion and the
       tools developers use with it. http://p.sf.net/sfu/wandisco-__d2d-2 <http://p.sf.net/sfu/wandisco-d2d-2>



       _________________________________________________
       cgiwrap-users mailing list
       cgiwrap-users@lists.__sourceforge.net <mailto:cgiwrap-users@lists.sourceforge.net>

       https://lists.sourceforge.net/__lists/listinfo/cgiwrap-users
       <https://lists.sourceforge.net/lists/listinfo/cgiwrap-users>


   --
   ------------------------------__------------------------------
   Nathan Neulinger nneul@neulinger.org <mailto:nneul@neulinger.org>

   Neulinger Consulting                   (573) 612-1412




--
 Sincerely

--
------------------------------------------------------------

Nathan Neulinger                       nneul@neulinger.org
Neulinger Consulting                   (573) 612-1412



--
 Sincerely
A. Ghanavatian