Re: [cgiwrap-users] (no subject)

[Steven H. <st...@ha...>]

i wrote a patch few months back that might be of use:

http://steven.haryan.to/mod_cgiwrap/cgiwrap-3.6.4-mod_cgiwrap.patch

i also deploy cgiwrap under a dynamic virtual hosting using 
mod_vhost_alias. the patch introduces --with-docroot-owner and 
--with-docroot-mode.

--
sh

On 09/12/2001 07:43, Bryan Ross wrote:
>Hi,
>
>Im probably looking for cgiwrap to do something it was never design to
>do... but I thought I would check with the mailinglists before I go
>re-inventing the wheel!
>
>Basically, I've got an apache webserver with loads of virtual domains,
>stored as /www/<domain>/<subdomain>/*.  So, http://www.my.com/hello.cgi
>would be found in /www/my.com/www/hello.cgi.
>
>Each virtual domain directory is owned by a unique UID and a common GID,
>with permissions 775. The GID is currently 999 (webadmin), and lets my
>webmasters edit vhost html and cgi files. The UID is just a unique number,
>but doesn't have an associated entry in the password/nis file (ergo, no
>username, homedir, etc).
>
>Further, I use mass dynamically configured virtual domain hosting using
>Apache's rewrite engine. So that means no VirtualHost directives in the
>conf file. By default, all directories have 'Options ExecCGI'
>enabled. Once again, frowned upon by some, but it suits our circumstances.
>
>Now, Im looking to run all cgi requests using some kind of wrapper that
>will do some basic sanity checks, and then drop to setuid to the owner of
>the file - in this case, the unique UID assigned to that client. I plan to
>implement this using Apache's Handler directives.
>
>So... my question is there anyway to configure/patch cgiwrap to just
>setuid the owner of a cgi script without hints from the requested URL. Or
>alternatively, does anyone know of a different wrapper that will handle
>this kind of stuff.
>
>Oh, just to complicate matters, I'll probably want to chroot() cgi
>programs to '/www' aswell - but thats a relatively simple thing to take
>care of.