[thelist] Perl script as root
Dean Mah
dmah at shaw.ca
Thu Feb 14 11:44:00 CST 2002
Or you can change your single CGI script with wrapper into a setuid
script to allow individual scripts started from the Web server run as
the owner of the script. See:
http://evolt.org/article/UNIX_File_Permissions_and_Setuid_Part_2/18/263/index.html
for an example.
Dean
Keith writes:
> If your browser initiated scripts are running as *nobody* then you
> have to change the permissions on the file that the script will write
> to. If the file is owned by *root* it will need rw-rw-rw permissions so
> that *nobody* can write to it. Be forewarned Chris, if you do that
> anyone who has scripting access to your server will also be able to
> write a script that will also have rw ability on that file.
>
> The usual way to handle a situation where a browser initiated script
> needs to write to a file that is owned by *root* is to have the script
> write to a temp file. Then run a cron on a second *root* owned
> script that moves the entries from the temp file to the *root* owned
> file. Cron jobs run as the owner of the script and therefore scripts
> run that way are not limited by the web server to run as *nobody*.
More information about the thelist
mailing list