Thread: [cgiwrap-users] CGIWrap On Non-User Directories
From: Tim G. <tj...@so...> - 2008-04-10 17:11:28
Hello!

I'd like to use CGIWrap to execute PHP scripts as different users. The PHP scripts are not located in users' home folders. When I try to run such a script, for example:

http://www.foo.com/wiki/blah/index.php

I get an error that says "Couldn't find user 'wiki'."

Is there any way to make CGIWrap work in this manner?

Thanks!

Tim Gustafson
SOE Webmaster
UC Santa Cruz
tj...@so...
(831) 459-5354
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2008-04-10 22:22:21
> Hello!
>
> I'd like to use CGIWrap to execute PHP scripts as different users. The PHP
> scripts are not located in users' home folders. When I try to run such a
> script, for example:
>
> http://www.foo.com/wiki/blah/index.php
>
> I get an error that says "Couldn't find user 'wiki'."
>
> Is there any way to make CGIWrap work in this manner?

How did you compile up cgiwrap, and what's the configuration in your webserver?

Tuc
From: Tim G. <tj...@so...> - 2008-04-11 15:14:20
Here's my configure script:

    ./configure --with-httpd-user=apache --with-perl=/usr/bin/perl \
      --with-cgi-dir=.html --with-minimum-uid=1000 --with-minimum-gid=1 \
      --with-logging-syslog=cgiwrap --with-php=/usr/bin/php-cgi \
      --with-php-interpreter --with-install-dir=/var/www/cgi-bin/ \
      --with-check-shell --with-rlimit-core=0 --with-rlimit-cpu=60 \
      --without-redirect-stderr --without-logging-file --with-wall \
      --with-local-contact-email=web...@so... --with-cgiwrapd \
      --without-nph

And here's the configuration I'm using:

    AddHandler cgi-wrapper .php
    AddHandler cgi-wrapper .cgi
    AddHandler cgi-wrapper .sh
    AddHandler cgi-wrapper .pl

    Action cgi-wrapper /cgi-bin/cgiwrap

Tim Gustafson
SOE Webmaster
UC Santa Cruz
tj...@so...
(831) 459-5354
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2008-04-11 23:51:09
Hi,

Still not sure how your environment is set up. Are you talking "~" based users, or Virtual Hosts for each user, or just "/directorypath/"? Are these scripts in a "centralized" directory? I'm not following how the script, if it isn't in the user's home directory, is supposed to know what user to run as...

Thanks, Tuc
From: Jeremy C. <cg...@jd...> - 2008-04-11 00:07:23
If you can't manage to get cgiwrap to work in the way you'd like, there is an application called suPHP which does exactly what you desire. We use both (cgiwrap for CGIs and suPHP for PHP) in our hosting environment.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
From: Tim G. <tj...@so...> - 2008-04-11 15:11:24
Jeremy,

Thanks! I've looked into suPHP. One of my directives where I work is to only use Yum packages wherever possible, and the only Yum package for suPHP is compiled in the mode that you have to specify which user you want to execute the scripts as in the Apache configuration file, rather than using the script owner's ID, and that doesn't work for my environment. :\

Tim Gustafson
SOE Webmaster
UC Santa Cruz
tj...@so...
(831) 459-5354
From: Jo R. <jr...@ne...> - 2008-04-21 18:16:36
On Apr 11, 2008, at 8:10 AM, Tim Gustafson wrote:
> is compiled in the mode that you have to specify which user you want to
> execute the scripts as in the Apache configuration file, rather than using
> the script owner's ID, and that doesn't work for my environment. :\

Just for your knowledge, *every* time I've had to help someone figure out how their site was hacked, it was due to this particular setting: "execute by the script owner's ID"

The "brilliance" of this in a shared hosting environment is simple: from virtual host A, I can make a program run as user B because they own the file. Given how badly written most programs are, it's downright simple to find something owned by someone else that will accept bad input and do something you want.

I simply can't fathom a useful way to do this that doesn't open the door wide open to getting hacked to pieces.

Valid ways to set user-id:

  hardcoded in apache config per virtual host
  determined based on hardcoded environment data per virtual host (i.e. document root)

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
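Added example, not part of the original thread and not code from CGIWrap or suPHP: a sketch of the "hardcoded per virtual host" policy described in the message above, where the run-as uid comes from the virtual host rather than from file ownership. The `vhosts` table, the host names and the extra refusal on owner mismatch are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

def resolve_run_uid(vhosts, host, script):
    """Return the uid a wrapper should switch to for `script` requested via `host`.

    `vhosts` (hypothetical table) maps host name -> (document_root, uid) and
    stands in for the value hardcoded per virtual host in the server config.
    """
    if host not in vhosts:
        raise PermissionError(f"no uid configured for virtual host {host!r}")
    docroot, uid = vhosts[host]
    root = Path(docroot).resolve()
    real = Path(script).resolve()  # follow symlinks before the containment check
    if root not in real.parents:
        raise PermissionError(f"{script} resolves outside {docroot}")
    owner = os.stat(real).st_uid
    if owner != uid:
        # Owner mode would switch to `owner` here; this policy refuses instead.
        raise PermissionError(f"owned by uid {owner}, not vhost uid {uid}")
    return uid

def demo():
    """Constructed layout: two sites in a temp dir; site-b is assigned another uid."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        a, b = Path(tmp, "site-a"), Path(tmp, "site-b")
        for d in (a, b):
            d.mkdir()
            (d / "index.php").write_text("<?php echo 'hi';")
        (a / "link.php").symlink_to(b / "index.php")  # link into the other site
        vhosts = {"a.example": (str(a), me), "b.example": (str(b), me + 1)}
        cases = {"own script": ("a.example", a / "index.php"),
                 "symlink out": ("a.example", a / "link.php"),
                 "other docroot": ("a.example", b / "index.php"),
                 "owner mismatch": ("b.example", b / "index.php")}
        results = {}
        for label, (host, script) in cases.items():
            try:
                results[label] = resolve_run_uid(vhosts, host, script)
            except PermissionError as exc:
                results[label] = f"refused: {exc}"
        return me, results

if __name__ == "__main__":
    for label, outcome in demo()[1].items():
        print(f"{label:15} -> {outcome}")
```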
From: Jeremy C. <cg...@jd...> - 2008-04-11 15:56:47
Who maintains said packages? If a public distribution (e.g. RedHat or someone else), I'd recommend mailing the package owner and asking them to consider making builds for owner, force, and paranoid all separately.

The fact someone picked paranoid as the default is truly bizarre. (I maintain the FreeBSD port for suPHP, and I specifically default to owner, for that exact reason).

Of course, this is one of the problems with binary-only packages, and why building from source gives a person a lot more flexibility. :-)

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
From: Tim G. <tj...@so...> - 2008-04-11 16:10:35
The package is on rpmforge:

    mod_suphp.i386 0.6.2-1.el5.rf rpmforge

I agree about binary packages. Before I came here, I was a FreeBSD guy and I compiled EVERYTHING through the ports tree.

Tim Gustafson
SOE Webmaster
UC Santa Cruz
tj...@so...
(831) 459-5354