On 09-Dec-98 Kelvin Teh wrote:
>
> Thanks for all the help and reply...i know about changing the directory
> permission so that everyone can read/write to the directory but I was
> trying to avoid that...although nobody else uses my machine and i think it
> is quite safe to do that i want to avoid making bad sys admin habits by
> doing something like that...
> someone wrote something about forming a new group and put the users in
> it...does that mean that i make a new group and add users into the group
> and then chgrp the directory so that it is owned by that group?
I don't think the solution using group permission will work. This solution
still requires you to provide the group with write permission to the cgi-bin
directory, hence the users in the group will be able to modify and delete any
files in the cgi-bin directory.
The solution I've offered in my previous post using user owned directory may
offer the best security as the user will only be able to modify and delete his
own files. A slightly modified solution using symbolic links may be more
convenient.
1) As root, edit the "access.conf" file to allow symbolic links to be followed
when running cgi files.
2) As root, for each user that you wish to allow the ability to create cgi
files, run the following command.
ln -s /home/Cort/public_html/cgi-bin /<your_path>/cgi-bin/Cort
<your_path> should be replaced by the root directory for httpd. Don't forget
to replace "Cort" with the appropriate user name.
3) As a normal user, create the "~/public_html" directory and the
"~/public_html/cgi-bin" directory. Place your webpages in "~/public_html" and
your cgi scripts in "~/public_html/cgi-bin".
4) That's it. Your webpages can be accessed in
"http://www.yourserver.org/~Cort/" and the cgi script accessed in
"http://www.yourserver.org/cgi-bin/Cort/".
This solution is still not perfect as all the script will be ran as nobody, but
it's the best that I can come up with.
Cort
[EMAIL PROTECTED]
