Re: CGI Scripts and Permissions

• To: www-security@ns2.rutgers.edu
• Subject: Re: CGI Scripts and Permissions
• From: "Andrei D. Caraman" <xax@arkenstone.pub.ro>
• Date: Wed, 13 Mar 1996 20:52:55 +0200 (EET)
• In-Reply-To: <01I28YPWJ5PKF5N8MY@dit.ie>

On Tue, 12 Mar 1996 KGANNON@dit.ie wrote:

> If these question has been asked before excuse me I am new to the game.
> 
> Has anyone had problems where they run all scripts as NOBODY (or something 
> along those lines) and users start a war deleting each others
> databases,kill  processes etc.
> 
> If anyone has a non-wrapper based solution I would be interested in hearing
> ther input.
>
Why don't you make up a special user (say www) to run the httpd. This would
stop the users from going to war and it will also let you decide what the
daemon may / may not do.  

Regards,
--
Andrei D. Caraman 
Webmaster at Data Network Center - "Politehnica" University of Bucharest
xax@arkenstone.pub.ro		   http://www.pub.ro/~xax

• CGI Scripts and Permissions
• From: KGANNON@dit.ie

• Previous: Re: Java "security holes'
• Next: Re: Java "security holes'
• Index(es):
  • Index
  • Thread