Enigma, 06-07-2006, 12:11 (post #5)

I don't think you're quite understanding my issue.

Suppose we have the following website hosting directory structure (with Unix permissions shown):
Code:
[d] 755 website hosting/
[d] 755         public_html/
[d] 755                     cgi-bin/
[f] 755                            root-domain-script.cgi
[d] 755                     scgi-bin/
[f] 755                              root-domain-wrapped-script.cgi
[d] 755                     subdomain/
[d] 755                               cgi-bin/
[f] 755                                       subdomain-script.cgi
[d] 755                               safe-user-writable-folder/
[d] 777                               unsafe-world-writable-folder/
And the CGI scripts are identical Perl scripts containing the following code (forgive me if the Perl is incorrect - I'm not that experienced with it - but the intent should be clear):
Code:
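#!/usr/bin/perl -w
use strict;

# Try to open one file in each folder. open() returns false when the
# user the script runs as may not write to the directory.
my $safe_ok   = open(my $safefile,   ">", "/website/public_html/subdomain/safe-user-writable-folder/temp");
my $unsafe_ok = open(my $unsafefile, ">", "/website/public_html/subdomain/unsafe-world-writable-folder/temp");

# Copy STDIN to whichever files were opened successfully.
my $line;
while (read(STDIN, $line, 4096))
{
	if ($safe_ok)
	{
		print $safefile $line;
	}
	if ($unsafe_ok)
	{
		print $unsafefile $line;
	}
}
close($safefile) if $safe_ok;
close($unsafefile) if $unsafe_ok;

exit(0);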
Now root-domain-script.cgi will successfully create the file /website/public_html/subdomain/unsafe-world-writable-folder/temp, but will fail to create the file /website/public_html/subdomain/safe-user-writable-folder/temp. This is because scripts, regardless of who owns the script file, are run by the webserver and therefore are run by default with the webserver's user ID, which is "nobody", and "nobody" does not have permission to write to the folder safe-user-writable-folder.

This situation is exactly the same for subdomain-script.cgi.

root-domain-wrapped-script.cgi, however, will run not with the webserver user ID but with the script owner's user ID, thanks to the simple CGI wrapper, and will therefore successfully create both files.

What I would like is to be able to have a directory structure like:
Code:
[d] 755 website hosting/
[d] 755         public_html/
[d] 755                     cgi-bin/
[f] 755                            root-domain-script.cgi
[d] 755                     scgi-bin/
[f] 755                              root-domain-wrapped-script.cgi
[d] 755                     subdomain/
[d] 755                               cgi-bin/
[f] 755                                       subdomain-script.cgi
[d] 755                               scgi-bin/
[f] 755                                        subdomain-wrapped-script.cgi
[d] 755                               safe-user-writable-folder/
With the additional scgi-bin directory and subdomain-wrapped-script.cgi in the subdomain folder.
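Added example, not part of Enigma's post: a Python audit that applies the Unix mode-bit check described above to list the directories a given user could create files in, which shows why a script running as the webserver user can only write to the 777 folder. The function names, the sample tree and the stand-in UID are assumptions made for illustration; ACLs and search permission on parent directories are not considered.

```python
import os
import stat
import tempfile

def can_create_in(st, uid, gids):
    """Mode-bit check for creating a file in a directory (ACLs and ancestors ignored).

    Exactly one class applies: owner if uid matches, else group, else other.
    Creating an entry needs write and search (execute) on the directory.
    """
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st.st_mode & need) == need

def audit(root, uid, gids):
    """Relative paths of directories under root in which uid could create files."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode says nothing about its target
            if can_create_in(os.lstat(full), uid, gids):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: the subdomain folders from the post, same modes."""
    sub = os.path.join(root, "public_html", "subdomain")
    for path, mode in ((os.path.join(root, "public_html"), 0o755),
                       (sub, 0o755),
                       (os.path.join(sub, "safe-user-writable-folder"), 0o755),
                       (os.path.join(sub, "unsafe-world-writable-folder"), 0o777)):
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod: mkdir's mode is cut by the umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        owner = os.lstat(tmp).st_uid
        web_uid = owner + 1  # hypothetical stand-in for "nobody"
        print("web server user:", audit(tmp, web_uid, set()))
        print("script owner:   ", audit(tmp, owner, set()))
```

Run against a real docroot, `audit()` with the webserver's UID and groups lists every folder that any unwrapped CGI script on the host could write into.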