Update of /cvsroot/tmda/tmda/contrib/cgi
In directory sc8-pr-cvs1:/tmp/cvs-serv21769

Added Files:
        INSTALL 
Log Message:
Install instructions and information about operating modes.


--- NEW FILE ---
INSTALLING tmda-cgi
===================

tmda-cgi can be created in one of three ways:

[1] To run system-wide, for any user with a login account.

[2] To run in single-user mode, for one specific user.

[3] To run in no-su mode.

"no-su" mode means that the CGI is executed with no additional privileges 
(usually as user "nobody").  This is the safest way to run a CGI since the 
nobody user has almost no privileges.

The downside of no-su mode is that to be able to access files in your account, 
you will have to make them globally accessible.  That means that other users on 
the system may be able to read e-mail in your pending directory, delete e-mail 
from your pending directory, modify/forge e-mail in your pending directory, and 
possibly other nasty pitfalls we have yet to think up.

If you trust the code not to have any security flaws, then your simplest plan is 
to run in system-wide or single-user mode.

If you don't trust the code and you do trust the other users on your system, 
then your best plan is to run in no-su mode.

If you don't trust the code and you don't trust the other users on your system, 
do not use tmda-cgi.


PASSWORDS
=========

tmda-cgi currently authenticate logins against user name & password pairs stored 
in a password file (or files).  tmda-cgi will look in two different places for 
password file(s), but it (they) must be readible by the CGI.

If you are running in system-wide mode, the password file can be owned by root. 
If you are running in single-user mode, the password file can be owned by the 
user who will be running the CGI.  If you are running in no-su mode, the file 
must either be owned by "nobody" (or whatever user your web server is con-
figured to run as) or made globally readible.

tmda-cgi first checks ~user/.tmda/tmda-cgi for a readible file and then tries 
/etc/tmda-cgirc if it can't find a match or cannot read the file.  This allows 
the system administrator to keep a list of access passwords while allowing the 
user to override what the sysadmin has set.

The password file for tmda-cgi is formatted in much the same way as the password 
file for tofmipd.  In fact, if you are using a password file with tofmipd and 
you wish to run tmda-cgi in system-wide mode, feel free to make a symbolic link 
between the two:

  # ln -s /etc/tofmipd /etc/tmda-cgi

Password files for tmda-cgi look like:

<user1>:<password1>
<user2>:<password2>

where each item in <> is replaced with text.  The difference between this 
password file and the one for tofmipd is that the file does not need to have 
permissions of 400 or 600.  If you, for example, are running in no-su mode, you 
will have to make your password file globally readible.  To keep the pass- words 
secure, tmda-cgi will assume all passwords are DES encrypted if the file 
permissions are anything other than 400 or 600.  Plaintext passwords will NOT 
work in such cases.  Additionally, any entry with a blank password field, such 
as:

cantlogin:

will be prohibited from login, regardless of the file permissions.

xcontrib/cgi/genpass.py is provided for encrypted password generation.  Output 
from genpass.py can be safely piped with > or >> into a password file.
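
Review bot: The lookup paths in the PASSWORDS section do not agree with each other: the text says tmda-cgi checks ~user/.tmda/tmda-cgi and then /etc/tmda-cgirc, but the symlink example creates /etc/tmda-cgi (`# ln -s /etc/tofmipd /etc/tmda-cgi`), so an admin following it would end up with a file that the CGI, as documented here, never reads. Please make the example use whichever system-wide name the code actually opens. In the same section, "xcontrib/cgi/genpass.py" looks like it has a stray leading "x", "readible" should be "readable", "currently authenticate" should be "currently authenticates", and "con-figured" and "pass- words" carry leftover hyphenation. It would also help to say outright that a globally readable password file lets every local user read the DES hashes, since no-su mode requires that setup.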


INSTALLING SYSTEM-WIDE
======================

As root, change to the cgi directory.

  # cd contrib/cgi

Compile tmda-cgi

  # make

Move the binary file to a web directory that is configured to execute CGI.  The 
filename you use is completely up to you.  For example:

  # mv tmda-cgi /path/to/cgi-bin/directory

        or

  # mv tmda-cgi /path/to/webpage/directory/index.cgi

I recommend you use mv instead of cp.  If you prefer to copy the file instead of 
moving it, be sure you use the -p option to copy the permissions as well.

You should now be able to surf up tmda-cgi and log in with any login name in 
your password file(s).


INSTALLING SINGLE-USER
======================

As the (only) user who will be able to access tmda-cgi, change to the cgi 
directory.

  $ cd contrib/cgi

Compile tmda-cgi

  $ make

Move the binary file to a web directory that is configured to execute CGI.  The 
filename you use is completely up to you.  For example:

  $ mv tmda-cgi /path/to/cgi-bin/directory

        or

  $ mv tmda-cgi /path/to/webpage/directory/index.cgi

I recommend you use mv instead of cp.  If you prefer to copy the file instead of 
moving it, be sure you use the -p option to copy the permissions as well.

You should now be able to surf up tmda-cgi and log in with the login name 
specified in your password file.


INSTALLING NO-SU
================

Change to the cgi directory.

  $ cd contrib/cgi

Compile tmda-cgi

  $ make no-su

Move the binary file to a web directory that is configured to execute CGI.  The 
filename you use is completely up to you.  For example:

  $ mv tmda-cgi /path/to/cgi-bin/directory

        or

  $ mv tmda-cgi /path/to/webpage/directory/index.cgi

I recommend you use mv instead of cp.  If you prefer to copy the file instead of 
moving it, be sure you use the -p option to copy the permissions as well.

You should now be able to surf up tmda-cgi and log in with any login name in 
your password file(s) and use the system.
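
Review bot: The three install sections tell the reader to preserve permissions when moving the binary (mv, or cp -p) but never say what ownership and mode the installed tmda-cgi should have in each mode, which is the detail that separates the system-wide and single-user builds from no-su. Please state the expected owner and mode after make for each mode and give a check the admin can run (for example ls -l on the installed file), so that a copy which lost or kept privileges unexpectedly is caught. The INSTALLING NO-SU section should also list which files in the user's account have to be made globally accessible, since the introduction says this is required but the steps stop at moving the binary. The mv/cp paragraph is repeated verbatim three times and could be stated once.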

_______________________________________
tmda-cvs mailing list
http://tmda.net/lists/listinfo/tmda-cvs
