author Julian Blake Kongslie <jblake@omgwallhack.org> 2010-12-27 14:09:02 -0800
committer Julian Blake Kongslie <jblake@omgwallhack.org> 2010-12-27 14:09:02 -0800
commit ef695be134b8046c8b05cfe6c47f8856b7108c77
tree 6ba59f558d11f3bcfb8b82da104abae149ee9200 /docs
parent fadbff800f910475df98af9aac683935ea7175e8
parent 3e9915449ee56f3b3c8106cb8b36ceb117d2d242
Merge branch 'master' of ssh://piny/srv/git/piny-code
Diffstat (limited to 'docs')
-rw-r--r-- docs/issues/cgi_gateway.mdwn 27
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/issues/cgi_gateway.mdwn b/docs/issues/cgi_gateway.mdwn
new file mode 100644
index 0000000..3fe9abc
--- /dev/null
+++ b/docs/issues/cgi_gateway.mdwn
@@ -0,0 +1,27 @@
+* Status: [[!taglink open]] <!-- Choose one: open, closed -->
+* Assigned to: [[!taglink jblake]] <!-- Choose one or more: jrayhawk, jblake -->
+* Priority: [[!taglink now]] <!-- Choose one: now, soon, later -->
+* Opened by: jrayhawk
+
+### Discussion
+
+In order for CGIs to work with the current paradigm, we'd need some mechanism
+for Apache to execute the various pinyadmin scripts as the involved user. We can
+either do this using sudo, which would require a lot of overhead in making and
+maintaining sudoers rules, or using an suid binary that does exactly what we
+need.
+
+Requirements:
+
+* executable only by www-data
+* takes as arguments
+ * username
+ * pinyadmin command
+ * pinyadmin command arguments
+* exits if username's uid < 1000
+* exits if username violates piny username constraints (specifically git- and
+ ikiwiki- are not allowed)
+* executes with the appropriate uid/gid the specified pinyadmin command and the
+ specified arguments
+
+Obviously any input on this concept is desirable.
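Review bot: The requirements list constrains the username (`exits if username's uid < 1000`, plus the git-/ikiwiki- rule) but puts no constraint on the `pinyadmin command` item, so as written the suid binary would run whatever command string www-data supplies as any user with uid 1000 or above. Suggest adding a requirement that the command is matched against a fixed list of pinyadmin script names and resolved to an absolute path by the binary itself (rejecting anything containing `/`), and a second requirement that the environment is reset before the exec, since neither appears in the list. The last bullet ("executes with the appropriate uid/gid") should also say that supplementary groups and gid are set before the uid and that a failure of any of those calls is fatal. On the username bullet, it is not stated whether `git-` and `ikiwiki-` are prefixes or whole names; spelling that out here would let the check be implemented and tested unambiguously.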