|
Stefan C. Kremer
skremer at q.cis.uoguelph.ca
Thu Apr 29 11:48:44 EST 2004
Hi, I am porting a series of web-pages/CGI scripts to mod python. I've really enjoyed this and have even managed to cobble together my own request handler that suits my purposes very well. The one thing that has always bother me is how to duplicate the functionality I previously had with setuid CGI scripts. For example if I want to read or write to a file on the server side or connect to a database on the server, I used to create CGI scrips that were either themselves setuid or were called from a CGI wrapper that was setuid. This gave the ability to run certain operations with a power greater than that of the "nobody/apache" user, but still restrict access to virtually every other resource on my machine (by creating a user that is slightly more powerful than the "nobody" user). I realize that my mod_python script can call an executable wrapper with setuid on which in tern calls another python script, but that seems kind of painful. Is there a better solution? Stefan P.S. This is a great list. I am amazed by the number of repliers who are highly knowledgible, patient and polite. -- Permanently Temporarily (Until Aug. 2004) Dr. Stefan C. Kremer, Associate Prof. Visiting Researcher Reynolds Building, 106 307 Computer Science/Engineering Bldg Dept. of Computing & Info. Science School of Info. & Computer Science University of Guelph, Guelph, Ontario U of California at Irvine, Irvine, CA N1G 2W1 92697-3425 Tel: (519)824-4120 Ext.58913 Fax: (519)837-0323 WWW: http://q.cis.uoguelph.ca/~skremer E-mail: skremer at uoguelph.ca
|