[cgiwrap-users] (no subject)
Brought to you by:
nneul
From: Bryan R. <br...@re...> - 2001-12-09 00:43:47
|
Hi, Im probably looking for cgiwrap to do something it was never design to do... but I thought I would check with the mailinglists before I go re-inventing the wheel! Basically, I've got an apache webserver with loads of virtual domains, stored as /www/<domain>/<subdomain>/*. So, http://www.my.com/hello.cgi would be found in /www/my.com/www/hello.cgi. Each virtual domain directory is owned by a unique UID and a common GID, with permissions 775. The GID is currently 999 (webadmin), and lets my webmasters edit vhost html and cgi files. The UID is just a unique number, but doesn't have an associated entry in the password/nis file (ergo, no username, homedir, etc). Further, I use mass dynamically configured virtual domain hosting using Apache's rewrite engine. So that means no VirtualHost directives in the conf file. By default, all directories have 'Options ExecCGI' enabled. Once again, frowned upon by some, but it suits our circumstances. Now, Im looking to run all cgi requests using some kind of wrapper that will do some basic sanity checks, and then drop to setuid to the owner of the file - in this case, the unique UID assigned to that client. I plan to implement this using Apache's Handler directives. So... my question is there anyway to configure/patch cgiwrap to just setuid the owner of a cgi script without hints from the requested URL. Or alternatively, does anyone know of a different wrapper that will handle this kind of stuff. Oh, just to complicate matters, I'll probably want to chroot() cgi programs to '/www' aswell - but thats a relatively simple thing to take care of. Kind Regards, Bryan. +----- -++- -----+ | Bryan Ross <br...@re...> | +----------------------------------------------------------+ | They say the pen is mightier than the sword. | | (if you miss a deadline, you'd better bring the sword) | +----------------------------------------------------------+ | http://www.return0.net/bryan/ | +----- -++- -----+ |