Fellow monks,

A somewhat foolish problem I've gotten myself into.

I have a complex CGI script that likes to create DB_Files with it needs to save information, say, if a new user comes along and we need to log him. Actually, for the sake of clarity, this is a light-weight mailing list manager that I work on and people really love. For each list it managers, it creates (among other things) a DB_File that holds preferences and a text file that holds all the subscribers.

These files are created by the cgi script, usually in a directory that is chmod'd to 777.

This is all well and good and works sparkling, until I try to interact and use these files when running another script interactivly, or when the script is owned by me, and not nobody as the files are, since they're created by the cgi script.

For example, You can create a mailing list via the web browser, the mailing list files will be created, with the owner of 'nobody'. Now, if I have an aliased email address that pipes to a script that wants to open up the subscriber list to send out to everyone, it won't work, since this script is owned by me.

Is there a way that I can do this? Here's me scenario, I won't be given root access, so I can't chown() anything. I guess I could have the mailing list files chmoded to 777 on creation, but that seems a bit bad (security wise), but how much worse is that then having the directory at 777 as well?

I didn't run into this problem while developing, since my host runs SuEXEC, so my scripts are run by me, all the time. Is there a way to run SuEXEC on a per account basis that the owner of this account can change (something in a .htaccess file, perhaps)? Is there a way, say in procmail, to tell procmail to pipe to a script and then run the script from another user (nobody)

These are some things I'm thinking of, but haven't made a solid conclusion on how to fix this little problem.

any wisdom and help would be much appreciated.

 

-justin simoni
!skazat!

In reply to CGI Script Created Files Playing Nicely by skazat

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.