[WM] WebMake CGI and setuid

Matt Okeson-Harlow mharlow at grephead.com
Tue Jan 6 23:08:01 GMT 2004


hmmm

/disk2/sites/blah/site.wmk
/disk2/sites/blah/text/.htacess
/disk2/sites/blah/text/webmake.cgi

does that make sense and does that answer any questions?

On Tue, Jan 06, 2004 at 02:59:45PM -0800, Justin Mason wrote:
> Matt Okeson-Harlow writes:
> >a little stumped here...
> >
> >webmake.cgi will open the .wmk file, i can browse to the files, edit one, click on save and then:
> >
> >Warning: This site can only be edited by authenticated users.
> >
> >am i missing something here?  do you HAVE to use CVS with the webmake.cgi?
> >i am authenticating using .htaccess
> >up until i hit save, it says i am logged in as the user i auth'ed as.
> 
> That error shouldn't be affected by use (or not) of CVS; it appears if
> the htaccess user-authentication has not taken place.
> 
> Is there a possibility it's going to a URL that is *not* under the
> htaccess' "user auth required" realm?
> 
> --j.
> 
> >webmake 2.4 
> >
> >ii  apache         1.3.29.0.1-3   Versatile, high-performance HTTP server
> >ii  apache-common  1.3.29.0.1-3   Support files for all Apache webservers
> >ii  apache-utils   1.3.29.0.1-3   Utility programs for webservers
> >ii  apachetop      0.7-3          Realtime Apache monitoring tool
> >ii  libapache-mod- 1.27-4         Integration of perl with the Apache web serv
> >
> >Debian GNU/Linux testing/unstable
> >
> >This is perl, v5.8.2 built for i386-linux-thread-multi
> >
> >On Fri, Jan 02, 2004 at 08:02:28PM -0800, Justin Mason wrote:
> >> Wes Meltzer writes:
> >> > Hey all.
> >> > 
> >> > I have an interesting question for you: I want to run the WebMake CGI on
> >> > my virtual host server (my ISP's system).
> >> > 
> >> > What do I need to do to get the CGI to be able to actually write files
> >> > out? 
> >> > 
> >> > I've always had trouble on my own computer with this, and have solved
> >> > the problem by using 777 permissions on that directory, but that's
> >> > because my web server's only running on my laptop when I need it to be
> >> > and it can be pretty secure as a result.
> >> > 
> >> > Should I be running WebMake setuid as the webserver, or something like
> >> > that? Do I need to put it in a specific place?
> >> 
> >> Hi Wes --
> >> 
> >> I generally make sure that the files and directories webmake will be 
> >> writing to, are writable by the user it will run as, and that the
> >> files and dirs it's reading are readable by same.
> >> 
> >> It doesn't really then matter who it runs as ;)
> >> 
> >> If you edit all the stuff via the CGI, you can just make sure it's
> >> writable by *just* the CGI user.  That's easy.
> >> 
> >> Alternatively, if you want to be able to edit as yourself *and* the CGI
> >> user, then making them writable by both users is a better idea; I've made
> >> a WM site writable by several users in the past by making both users share
> >> a UNIX group, chgrp the existing files and dirs to be owned by that group,
> >> and set g+s permissions on the dirs so that new files/dirs use that group.
> >> A bit messy though.
> >> 
> >> Another solution is the "suexec" wrapper that Apache uses, which
> >> ensures that CGIs run as your own userid.  Most largeish virtual
> >> host providers use this, so that's most likely.
> >> 
> >> --j.
> >> 
> >> _______________________________________________
> >> Webmake-talk mailing list
> >> Webmake-talk at taint.org
> >> http://webmake.taint.org/mailman/listinfo/webmake-talk
> >
> >-- 
> >matt okeson-harlow
> >mharlow at grephead dot com

-- 
matt okeson-harlow
mharlow at grephead dot com
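
The shared-group layout described in the quoted reply from Jan 02 (a common UNIX group, chgrp on the existing tree, g+s on the directories) as an added example that is not part of the original thread or of WebMake. The site tree is a constructed temporary directory, and `SITE_GROUP`, `share_site` and `audit_site` are hypothetical names; the group defaults to the caller's own so the script runs without root.

```shell
#!/bin/sh
# Added example: group-shared write access for a site tree instead of
# mode 777. SITE_GROUP is an assumed variable naming the group shared by
# the editing user and the CGI user.

# share_site DIR GROUP: make DIR writable by GROUP members and nobody else.
share_site() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwx for owner and group, setgid so that new files and
    # subdirectories inherit the group, no write bit for others.
    find "$dir" -type d -exec chmod u+rwx,g+rwxs,o-w {} + || return 1
    # Files: read/write for owner and group, no write bit for others.
    find "$dir" -type f -exec chmod u+rw,g+rw,o-w {} + || return 1
}

# audit_site DIR: list entries that are world-writable, plus directories
# that lack the setgid bit. Empty output means the tree is in shape.
audit_site() {
    find "$1" ! -type l \( -perm -0002 -o \( -type d ! -perm -2000 \) \) -print
}

# demo: build a constructed tree in the 777 state mentioned in the
# thread, convert it, and report what the audit flags before and after.
demo() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/text"
    : > "$site/site.wmk"
    : > "$site/text/index.txt"
    chmod -R 777 "$site"
    before=$(audit_site "$site" | wc -l)
    share_site "$site" "${SITE_GROUP:-$(id -g)}" || { rm -rf "$site"; return 1; }
    after=$(audit_site "$site" | wc -l)
    echo "flagged before: $before, after: $after"
    rm -rf "$site"
    [ "$after" -eq 0 ]
}

demo
```

On a real site, both the CGI user and the editing user must already be members of the group passed to `share_site`.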
