On Fri, Apr 03, 1998 at 02:13:51AM +0800, chas wrote:
Since a CGI script is executed with Nobody's (the web
server's) privilegies, how it can run Administrator
commands like useradd ?
One suggestion I've had was running the webserver
as root but this seems to be considered
not a good thing by and large. I was just looking
at updating user records and DNS records in such
There is a "SetUID" patch you can apply to Apache seperately which will
execute CGIs under their author's ownership, assuming certain security
restrictions are met.
If you want to call a suid program from your CGI, using your CGI programme
as something of a security wrapper, I think that might work nicely too,
though I've never tried this.
// dannyman yori aiokomete || Our Honored Symbol deserves
\\/ http://www.dannyland.org/~dannyman/ || an Honorable Retirement (UIUC)
To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message