Running scripts as OS user other than apache/nobody

Hi

I have a need to run various CGI scripts as different OS users, perhaps
by Apache directory or via Apache virtual hosts. This isn't for security
reasons, but because we need to interact with different OS environments
via a web interface, and each environment will require a different OS
user. I should point out that this is on a departmental, low volume
server. Only our team has access to the server - via the web interface
or via ssh. We're using Apache on Redhat 5.3. Due to our support
contract, we must use the vendor's HTTP server rather than compile from
source.

The solution I tried used suexec. But it does things like sanitise the
environment, including variables I need like ORACLE_HOME and ORACLE_SID.
And since mod_perl is bundled with Redhat Apache, I figure that maybe it
would be possible to write an mp handler that does a similar job to
suexec but without all the security features I guess suexec includes for
shared hosts and public websites.

So my next question is - how do I do this? If I simply set my euid within the
handler, won't I effectively be changing the uid of the httpd process?
So could I save my uid, change it to when the CGI script is being
executed, and then change it back again? Advice appreciated.

Thanks

Dan



Dan Horne [ Thu, 20 August 2009 04:53 ] [ ID #2012847 ]
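
The concern raised in the message, that changing the euid inside a handler changes the identity of the httpd process itself, is usually avoided by forking and switching IDs only in the child, which also lets the child receive an explicit environment allowlist instead of suexec's fixed one. The sketch below is an added example, not code from the original post or from mod_perl. It assumes it is started with enough privilege to change IDs (a stock httpd child running as apache/nobody is not), and the allowlist contents and the command-line usage are illustrative assumptions.

```perl
#!/usr/bin/perl
# Added example: run a command as another OS user in a forked child,
# so the parent process keeps its own identity.
use strict;
use warnings;
use POSIX ();

# Assumption: only these variables are passed through to the child.
my @ENV_ALLOW = qw(ORACLE_HOME ORACLE_SID PATH);

# Build the child's environment from an explicit allowlist.
sub build_child_env {
    my ($src, @allow) = @_;
    return map { $_ => $src->{$_} } grep { defined $src->{$_} } @allow;
}

# Fork, switch to $user in the child only, exec @cmd, return its exit code.
sub run_as {
    my ($user, @cmd) = @_;
    my ($uid, $gid) = (getpwnam($user))[2, 3];
    defined $uid or die "unknown user '$user'\n";

    defined(my $pid = fork()) or die "fork failed: $!\n";
    if ($pid == 0) {
        my %env = build_child_env(\%ENV, @ENV_ALLOW);
        # Order matters: groups first, then uid, while we may still change them.
        $) = "$gid $gid";    # effective gid plus supplementary group list
        POSIX::setgid($gid) or POSIX::_exit(111);
        POSIX::setuid($uid) or POSIX::_exit(111);
        # Refuse to continue unless real and effective IDs both changed.
        POSIX::_exit(111)
            unless POSIX::getuid() == $uid && POSIX::geteuid() == $uid
                && POSIX::getgid() == $gid && POSIX::getegid() == $gid;
        %ENV = %env;
        # Indirect-object form: no shell is involved in starting the command.
        exec { $cmd[0] } @cmd or POSIX::_exit(127);
    }
    waitpid($pid, 0);
    return ($? & 127) ? 128 + ($? & 127) : $? >> 8;
}

# Hypothetical usage: run_as.pl <user> <command> [args...]
if (@ARGV >= 2) {
    my ($user, @cmd) = @ARGV;
    exit run_as($user, @cmd);
}
```

Exit code 111 means the ID switch failed or was incomplete, and 127 means the command could not be executed.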