[cgiwrap-users] (no subject)

[Bryan R. <br...@re...>]

Hi,

Im probably looking for cgiwrap to do something it was never design to
do... but I thought I would check with the mailinglists before I go
re-inventing the wheel!

Basically, I've got an apache webserver with loads of virtual domains,
stored as /www/<domain>/<subdomain>/*.  So, http://www.my.com/hello.cgi 
would be found in /www/my.com/www/hello.cgi.

Each virtual domain directory is owned by a unique UID and a common GID,
with permissions 775. The GID is currently 999 (webadmin), and lets my
webmasters edit vhost html and cgi files. The UID is just a unique number,
but doesn't have an associated entry in the password/nis file (ergo, no
username, homedir, etc).

Further, I use mass dynamically configured virtual domain hosting using
Apache's rewrite engine. So that means no VirtualHost directives in the
conf file. By default, all directories have 'Options ExecCGI'
enabled. Once again, frowned upon by some, but it suits our circumstances.

Now, Im looking to run all cgi requests using some kind of wrapper that
will do some basic sanity checks, and then drop to setuid to the owner of
the file - in this case, the unique UID assigned to that client. I plan to
implement this using Apache's Handler directives.

So... my question is there anyway to configure/patch cgiwrap to just
setuid the owner of a cgi script without hints from the requested URL. Or
alternatively, does anyone know of a different wrapper that will handle
this kind of stuff.

Oh, just to complicate matters, I'll probably want to chroot() cgi
programs to '/www' aswell - but thats a relatively simple thing to take
care of.

Kind Regards,

Bryan.

+-----                      -++-                      -----+
| Bryan Ross                           <br...@re...> |
+----------------------------------------------------------+
|       They say the pen is mightier than the sword.       |
| (if you miss a deadline, you'd better bring the sword)   |
+----------------------------------------------------------+
|                            http://www.return0.net/bryan/ |
+-----                      -++-                      -----+