Monks,
I am after your wisdom again. I am currently trying to complete a Web Application that will run on a Unix Server.
The Application creates a CPIO archive from a selection of files. I have managed to get the CPIO to function correctly but I now need to delete the files once they have been added into the archive.
The problem is that the webserver (currently Apache 1.3) is running under an account I have created called cm with a group called cm_staff. This user dose not have access to remove the files.
I can’t change the permissions on the file because they are created by a software application we use, with the permissions set to –r-x-r-x—so only the owner can remove / chmod / modify them.
I have done a search and I found several nodes including changing user mid-script which explains about setuid, however it says that there are security issues and that you also have to be root.
Is there any way to change user using a web application so I can remove these files?? I can ask the user for their password, but I cant get the web server to run perl scripts under any other user name.
I have had a look at the code for Webmin for inspiration as it is able to run many things as different users when required, however I don’t understand how it can be done.
The application is currently running on a Linux box with Perl 5.6.1 but will end up on a HP-UX Unix machine.
Could any one point me in the right direction? I see that webmin uses its own Webserver written in perl. Is this the key to how it works?
If not it looks like I might have to use something like Net::FTP to log back into the server with the correct user and delete the files that way however there has to be a better solution than this?
Many thanks for your time.
Alistair
In reply to Running Web Apps as another user by allyc
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |