author | Julian Blake Kongslie <jblake@omgwallhack.org> | 2010-12-27 14:09:02 -0800 |
---|---|---|
committer | Julian Blake Kongslie <jblake@omgwallhack.org> | 2010-12-27 14:09:02 -0800 |
commit | ef695be134b8046c8b05cfe6c47f8856b7108c77 (patch) | |
tree | 6ba59f558d11f3bcfb8b82da104abae149ee9200 /docs | |
parent | fadbff800f910475df98af9aac683935ea7175e8 (diff) | |
parent | 3e9915449ee56f3b3c8106cb8b36ceb117d2d242 (diff) | |
Merge branch 'master' of ssh://piny/srv/git/piny-code
Diffstat (limited to 'docs')
-rw-r--r-- | docs/issues/cgi_gateway.mdwn | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/issues/cgi_gateway.mdwn b/docs/issues/cgi_gateway.mdwn new file mode 100644 index 0000000..3fe9abc --- /dev/null +++ b/docs/issues/cgi_gateway.mdwn @@ -0,0 +1,27 @@ +* Status: [[!taglink open]] <!-- Choose one: open, closed --> +* Assigned to: [[!taglink jblake]] <!-- Choose one or more: jrayhawk, jblake --> +* Priority: [[!taglink now]] <!-- Choose one: now, soon, later --> +* Opened by: jrayhawk + +### Discussion + +In order for CGIs to work with the current paradigm, we'd need some mechanism +for Apache to execute the various pinyadmin scripts as the involved user. We can +either do this using sudo, which would require a lot of overhead in making and +maintaining sudoers rules, or using an suid binary that does exactly what we +need. + +Requirements: + +* executable only by www-data +* takes as arguments + * username + * pinyadmin command + * pinyadmin command arguments +* exits if username's uid < 1000 +* exits if username violates piny username constraints (specifically git- and + ikiwiki- are not allowed) +* executes with the appropriate uid/gid the specified pinyadmin command and the + specified arguments + +Obviously any input on this concept is desirable. |
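Review bot: In the Requirements list, the "pinyadmin command" and "pinyadmin command arguments" items carry no constraint of their own, so as written the suid binary would execute whatever string www-data supplies under any account with uid >= 1000. Suggest adding a requirement that the command be matched against a fixed list of pinyadmin scripts, resolved to an absolute path, and executed directly rather than through a shell, with the arguments passed as a vector and not re-parsed. The "executes with the appropriate uid/gid" item should also spell out the privilege drop (supplementary groups and gid set before uid, with each call checked) and that the environment inherited from Apache is replaced with a minimal known one before the exec. The "exits if username's uid < 1000" item does not say what happens when the username does not resolve to an account at all; that case should be listed as an exit condition too.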