ownership

Ivan Kohler ivan at sisd.com
Tue Dec 29 00:25:11 PST 1998


The web interface needs to run as the freeside user.  There are several
ways to do this.

You can use Perl's setuid emulation.  This is a compile-time option; you
know if it is enabled on a prepackaged perl if you have a
/usr/bin/suidperl.  See the "Security Bugs" section of the perlsec
manpage.  In this case, you need to set the setuid bit on the .cgi's
(mode 4755, or 4754 if you setup groups)

You can use Apache's suEXEC feature.  See
http://www.apache.org/docs/suexec.html.  In this case, you should not set
the setuid bit on the .cgi's (mode 755 or 754 if you setup groups).

You can setup groups by setting the gid Apache runs as to a freeside
group, which would own the .cgi's.

Hope that helps.

On Mon, Dec 28, 1998 at 11:25:45AM +0000, gleggans wrote:
> it seems that all the files for the scripts are owned by freeside
> however all are in the group nogroup would this matter
> in the ownership of the files or in the setuid part of the script?
> 

-- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key - <moc.dsis at navi> relhoK navI
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too



More information about the freeside-users mailing list