[WM] WebMake CGI and setuid

Matt Okeson-Harlow webmake at technomage.net
Tue Jan 6 22:27:01 GMT 2004 

a little stumped here...

webmake.cgi will open the the .wmk file, i can browse to the files, edit one, click on save and then:

Warning: This site can only be edited by authenticated users.

am i missing something here?  do you HAVE to use CVS with the webmake.cgi?
i am authenticating using .htaccess
up until i hit save, it says i am logged in as the user i auth'ed as.

webmake 2.4 

ii  apache         1.3.29.0.1-3   Versatile, high-performance HTTP server
ii  apache-common  1.3.29.0.1-3   Support files for all Apache webservers
ii  apache-utils   1.3.29.0.1-3   Utility programs for webservers
ii  apachetop      0.7-3          Realtime Apache monitoring tool
ii  libapache-mod- 1.27-4         Integration of perl with the Apache web serv

Debian GNU/Linux testing/unstable

This is perl, v5.8.2 built for i386-linux-thread-multi

On Fri, Jan 02, 2004 at 08:02:28PM -0800, Justin Mason wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Wes Meltzer writes:
> > Hey all.
> > 
> > I have an interesting question for you: I want to run the WebMake CGI on
> > my virtual host server (my ISP's system).
> > 
> > What do I need to do to get the CGI to be able to actually write files
> > out? 
> > 
> > I've always had trouble on my own computer with this, and have solved
> > the problem by using 777 permissions on that directory, but that's
> > because my web server's only running on my laptop when I need it to be
> > and it can be pretty secure as a result.
> > 
> > Should I be running WebMake setuid as the webserver, or something like
> > that? Do I need to put it in a specific place?
> 
> Hi Wes --
> 
> I generally make sure that the files and directories webmake will be 
> writing to, are writable by the user it will run as, and that the
> files and dirs it's reading are readable by same.
> 
> It doesn't really then matter who it runs as ;)
> 
> If you edit all the stuff via the CGI, you can just make sure it's
> writable by *just* the CGI user.  That's easy.
> 
> Alternatively, if you want to be able to edit as yourself *and* the CGI
> user, then making them writable by both users is a better idea; I've made
> a WM site writable by several users in the past by making both users share
> a UNIX group, chgrp the existing files and dirs to be owned by that group,
> and set g+s permissions on the dirs so that new files/dirs use that group.
> A bit messy though.
> 
> Another solution is the "suexec" wrapper that Apache uses, which
> ensures that CGIs run as your own userid.  Most largeish virtual
> host providers use this, so that's most likely.
> 
> - --j.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Exmh CVS
> 
> iD8DBQE/9j7TQTcbUG5Y7woRAq/ZAJ4klrf9RAV4iQyhqIU1ntSonO7LIQCeIx46
> 41ZzwoACNh/dujkHOkv0uhs=
> =tnrz
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Webmake-talk mailing list
> Webmake-talk at taint.org
> http://webmake.taint.org/mailman/listinfo/webmake-talk

-- 
matt okeson-harlow
mharlow at grephead dot com

More information about the Webmake-talk mailing list