
RE: [cobalt-security] cgiwrap users



>So in configuring a piece of web usage/logging software I am running
>into problems regarding cgiwrap.  If I want to install the CGIs
>associated with the package to be run as
>http://www.myhost.com/cgi-bin/Software/logging.cgi I need to put the CGIs in
>/home/sites/home/web/cgi-bin/Software and they must be owned by admin to
>run, otherwise cgiwrap throws an error stating that, for example:
>
>"Execution of (nobody) is not permitted for the following reason:
>
>                          User not Privileged."
>
>Does anyone know how to work around this and/or where the cgiwrap config
>files are so I may add user nobody into the permissions list?

>--dave worth                  [   davew@xxxxxxxxxx    ]
>Perl Programmer for MIS Inc.  [ http://www.misinc.net ]



I take it that as your cgiwrap error is occurring because the script is
trying to run as "nobody" then you must have FP ext. installed on the
virtual Site?
On my RAQ4 I host a number of my own client sites managed and uploaded via
FP which use scripts loaded into a cgi-bin directory.

The workaround I have found is as follows:
Create an empty subweb within FrontPage called "cgi-bin"
Upload site (include subwebs)

Manually ftp scripts and all other files into cgi-bin

Telnet in (sorry ssh!) and su to root
chown cgi-bin to admin and chmod 755, or whatever is required (I find that
755 is OK for all mine)
chown and chmod the relevant files inside cgi-bin to match the script
requirements (I tend to run all as admin as they are all *my* sites and I
get fewer cgiwrap errors)
If you place an index.htm file into the cgi-bin or any subsequent
subdirectory it must be chown nobody, otherwise FP will spit its dummy out!
But it doesn't seem to mind the existence of .cgi and .pl files residing
inside this folder which are not chown nobody.

Finally upload site AGAIN via FP, but this time do not select to upload
subwebs.
FP will still check the permissions of htm files within the subweb
directories but will not attempt to modify them so uploads will then carry
on in peace. FP will never worry what is in the cgi-bin and you shouldn't
get any wrap errors.

For what it's worth: DO NOT ATTEMPT TO UPLOAD CGI & PL FILES VIA
FrontPage. It does not properly upload in pure ASCII format. These file
types should always be uploaded via ftp in ASCII mode, not in auto-detect.
Placing them into a FrontPage subweb allows you to upload via FTP without
any excessive interference by FP.



Regards

Si Watts
SiWIS
http://www.siwis.co.uk

Don't just think global, THINK LOCAL!



_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
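
An added check, not part of the original post or of cgiwrap: a POSIX shell function that audits one cgi-bin directory for the conditions the reply describes (expected owner for the directory and scripts, expected owner for .htm files, no group or world write access) and for a carriage return on a script's first line, the usual sign of a transfer without ASCII line-ending conversion. The function name, its arguments and the choice of checks are assumptions of this example; pass the owners your own setup expects.

```shell
#!/bin/sh
# Added example: audit one cgi-bin directory (not recursive).
# Usage: audit_cgi_dir DIR SCRIPT_OWNER HTM_OWNER   (hypothetical helper)
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_cgi_dir() {
    dir=$1 script_owner=$2 htm_owner=$3 bad=0
    cr=$(printf '\r')
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }

    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        # ls -ld is portable: field 1 is the mode string, field 3 the owner.
        mode=$(ls -ld "$f" | awk '{print $1}')
        owner=$(ls -ld "$f" | awk '{print $3}')

        # Decide which owner this entry should have (empty = no owner check).
        case $f in
            "$dir"|*.cgi|*.pl) want=$script_owner ;;
            *.htm|*.html)      want=$htm_owner ;;
            *)                 want= ;;
        esac
        if [ -n "$want" ] && [ "$owner" != "$want" ]; then
            echo "$f: owner is $owner, expected $want"; bad=1
        fi

        # Group or world write access lets another account replace code
        # that will later run as the script owner.
        case $mode in
            ?????w*|????????w*) echo "$f: writable by group or other ($mode)"; bad=1 ;;
        esac

        if [ -f "$f" ]; then
            case $f in *.cgi|*.pl)
                case $mode in
                    ???[xs]*) ;;
                    *) echo "$f: not executable by owner ($mode)"; bad=1 ;;
                esac
                # A CR ending the first line means DOS line endings survived upload.
                case $(head -n 1 "$f") in
                    *"$cr") echo "$f: carriage return on first line (DOS line endings)"; bad=1 ;;
                esac ;;
            esac
        fi
    done
    return $bad
}
```

Run it as root after the chown/chmod step, for example with `admin` as the script owner and `nobody` as the .htm owner, the two accounts named in the reply.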