[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Http server with authenticated user suexec cgi's

Hi All

I have been playing with scripts to implement some "intranet 
functions" via a webrowser cgi interface.

However I quicky run into a problem with all cgi scripts running with 
a single uid/gid (normally that of the apache server). To make things 
work, I must give the httpd server user more rights than I want to 
(or make the cgi's suid root).

What I am looking for is an httpd server + session manager that will:

- Serve a default login page.

- Authenticate a user via the system password files.

- Setup a session for that user and keep track of that session.

- Set the uid/gid of all cgi's launched on behalf of that user, to be 
the uid/gid of that user.

The idea is to be able to write simple cgi's to do things like modify 
a ".forward" file, or connect to a database with that user's gid/uid.

Has anybody been down this road before?

One idea, I notice that the ftp server always runs with the uid of 
the user, once the user has been authenticated.  I wonder if one 
could use an ftp server to launch cgi scripts? Would the browser 
still display the resulting html correctly?


Ian Forbes ZSD
Office: +27 21 683-1388  Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa

Reply to: