I am trying to run a CGI script that can open /var/log/httpd/access_log for
reading and parse some data from it. (This is on a dedicated machine.)
The file /var/log/httpd/access_log is owned by root, but that's not the
problem. I have other files owned by root that are in the /var/www/html
directory and CGI scripts can read those with no problem (because they are
world-*readable*, just like /var/log/httpd/access_log is). The problem is
that apparently CGI scripts cannot open any files for reading that are
located outside of /var/www . How can I change this setting so that the
CGI scripts can also access files in /var/log/httpd ?
The other option would be to set the CGI script to run as setuid. This is
how I've gotten this to work on some other dedicated machines. But on this
machine, the setuid bit is not honored and setuid scripts still run as
nobody. If anybody can tell me how to change this setting so that the
setuid bit is honored, that will work too.
(Every time I ask about that, a bunch of people tell me that "running
setuid scripts is a security hole". But nobody can ever say exactly why --
if a CGI script doesn't accept any input and only does what I've programmed
it to do, then what difference does it make if a stranger invokes it as
root? It just does the same thing as when I run it as root. So if you
know how to change the system-wide setting to make setuid scripts run as
root, that would be ideal.)
-Bennett
[EMAIL PROTECTED] http://www.peacefire.org
(425) 497 9002
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
