LISTSERV - HP3000-L Archives

HP3000-L Archives

June 2001, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L June 2001, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: HTTPD -> PERL -> CI script that thinks it is local to an accountother than APACHE?
From:	Mark Bixby <[log in to unmask]>
Reply To:	Mark Bixby <[log in to unmask]>
Date:	Tue, 26 Jun 2001 15:40:30 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (48 lines)

MICHAEL HOOPER wrote:
>
> I am hoping someone can help me solve a problem. I am running an existing
> mpe script that expects its files to be local to the account in which it is
> running from, I am running it from a web page, that calls a perl script that
> uses system("callci 'mycallci myscript'"). I need a way for this script to
> run from its local environment even though it is really being run from
> www.apache.  My attempt is below:
>
> I wrote a "mycallci" script that does this:
> anyparm cmd
> main.pub.vesoft "many\chlogon s,u.a\run ci.pub.sys;info='!cmd';parm=2",1
>
> This causes a system abort :(
>
> Has anybody solved this w/o using chlogon or mpex?  In the end, the script I
> am running needs to text in a file with qedit and keep it.  I am trying to
> implement this w/o having to add SM to www.apache or change the existing
> script. Simply changing access to (r,w,x,a,s:any) and releasing the texted
> in file still gives a security error on the keep.  Ideas?
>
> Environment:
> OS = MPE/ix 6.5
> Perl = 1.5....
> Apache = 1.3.9

Sounds like you need Curtis Larsen to finish his port of Apache suexec so that
CGIs can be invoked as some other user instead of the Apache web server job
user.  ;-)

But short of that, adjusting securities can be a viable approach.  Remember,
Apache is a POSIX program, and POSIX programs view everything as a hierarchical
file system composed of files and directories.  Since you are trying to create
a file, you will need to have modify access to the directory that will be
containing the file.  Just altering the security on the file won't be enough --
you must also alter the directory security.

MPE accounts and groups have somewhat limited security functionality in POSIX.
If you instead put your files into an HFS directory, you can use the full power
of ACDs to control security, including adding access rights on a USER.ACCOUNT
basis, i.e. WWW.APACHE.
--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU