Hello. I am looking for input from anyone who has successfully run an
institutional web server using AFS and provided users the ability to create
web interfaces to persistent data. The hard part is ensuring that customer
CGI programs are the only processes allowed to modify that data and that
no-one else with an AFS account can get at it through CGI programs in their
own directory. Non-AFS systems solve this with setuid, which is not
available on AFS. I am talking about a centralized web server which is
administered by AFS admins, no user access allowed to local disk space.
We have a couple of theoretical solutions already, so I really want to
constrain the answers to solutions that have been proven in
practice. Bonus points if yours works with load balancing or round-robin
type web server multiplexing. Thanks in advance.
--
Peter Scott
[EMAIL PROTECTED]
