Hi, I am maintaining cgiwrap (soft allowing ordinary users to run their own CGI scripts). I wonder about the proper way to handle configuration files. cgiwrap uses two configuration files : cgiwrap.(allow|deny). I consider them as conffiles. quoting from documentation: (http://cgiwrap.sf.net) "Access Control Logic * Neither file exists - Configuration Error * User in both files - Access Denied * Allow exists and user not in file - Access Denied * Deny exists and user in file - Access Denied * Otherwise - Access Allowed Basically, in order for a user to be allowed to execute scripts through cgiwrap: If the allow file exists, the user has to be in it. If the deny file exists, the user can't be in it. " I would like that cgiwrap work with ACL and that by default any user could use it. I plan to use a debconf template for that. But anyway my current question is not debconf. For now, I wonder how I can deal with these two files as regard to #220437. Quoting the bug-submitter: "I wanted all users to be allowed access by default, so I removed the cgiwrap.allow file. Ages later (when I'd completely forgotten about it) a problem occurred because that cgiwrap.allow file had been replaced during a routine upgrade [...] and by default all users were denied access." A config a la xfree[1] seems pretty heavy in this situation. Do you think I should hack on cgiwrap ? Do other packages, using the same 'user policy' exist? I don't know what to do exactly. I tried to figure out on the proper way to deal with it for a long time now. (bug was sent in last november) Some developers told me to put these files in /usr/share/doc/cigwrap/example/ but it is not acceptable to me because by default the package will not work unless the admin installs the files by hand. On the other hand, the current configuration is quite broken too. Thanks in advance, [1]: § How do the XFree86 packages manage their non-conffile configuration files like /etc/X11/X, /etc/X11/Xwrapper.config, and /etc/X11/XF86Config-4? http://necrotic.deadbeast.net/xsf/XFree86/trunk/debian/local/FAQ -- Pierre Machard <pmachard@debian.org> http://debian.org GPG: 1024D/23706F87 : B906 A53F 84E0 49B6 6CF7 82C2 B3A0 2D66 2370 6F87
Attachment:
signature.asc
Description: Digital signature