* Status: [[!taglink closed]]
* Assigned to: [[!taglink jblake]]
* Priority: [[!taglink now]]
* Opened by: jrayhawk

### Discussion

In order for CGIs to work with the current paradigm, we'd need some mechanism for Apache to execute the various pinyadmin scripts as the involved user. We can either do this using sudo, which would require a lot of overhead in making and maintaining sudoers rules, or using an suid binary that does exactly what we need.

Requirements:

* executable only by www-data
* takes as arguments
    * username
    * pinyadmin command
    * pinyadmin command arguments
* exits if username's uid < 1000
* exits if username violates piny username constraints (specifically git- and ikiwiki- are not allowed)
* executes with the appropriate uid/gid the specified pinyadmin command and the specified arguments

Obviously any input on this concept is desirable.

#### jrayhawk 20110121

This appears to be done.
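
The requirements listed in the discussion, sketched as a suid-root C wrapper. This is an added example, not piny's own code: `PINYADMIN_DIR`, the one-executable-per-command layout and the command-name rule are assumptions, and the username check covers only the two prefixes the page names.

```c
/* Added example: suid-root wrapper sketch; PINYADMIN_DIR and command rule are assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PINYADMIN_DIR "/usr/lib/pinyadmin"   /* hypothetical install path */
#define MIN_UID 1000

/* Username rule from the page: names starting "git-" or "ikiwiki-" are refused. */
int name_allowed(const char *name) {
    if (!name || !*name) return 0;
    return strncmp(name, "git-", 4) != 0 && strncmp(name, "ikiwiki-", 8) != 0;
}

/* Assumption: commands are bare file names, so no '/' and no leading '.' or '-'. */
int command_allowed(const char *cmd) {
    if (!cmd || !*cmd || cmd[0] == '.' || cmd[0] == '-') return 0;
    return strchr(cmd, '/') == NULL;
}

/* Combined policy check; uid is the target account's uid from its passwd entry. */
int request_allowed(const char *name, uid_t uid, const char *cmd) {
    return uid >= MIN_UID && name_allowed(name) && command_allowed(cmd);
}

int main(int argc, char **argv) {
    char path[4096];
    char *empty_env[] = { NULL };
    struct passwd *web = getpwnam("www-data");
    if (argc < 3 || !web || getuid() != web->pw_uid) return 1;  /* caller must be www-data */

    struct passwd *pw = getpwnam(argv[1]);
    if (!pw || !request_allowed(argv[1], pw->pw_uid, argv[2])) return 1;
    uid_t uid = pw->pw_uid; gid_t gid = pw->pw_gid;

    /* Drop supplementary groups, then gid, then uid; setuid must come last. */
    if (initgroups(argv[1], gid) || setgid(gid) || setuid(uid)) return 1;
    if (setuid(0) == 0) return 1;               /* privileges must not be regainable */

    if ((size_t)snprintf(path, sizeof path, "%s/%s", PINYADMIN_DIR, argv[2]) >= sizeof path) return 1;
    argv[2] = path;
    execve(path, &argv[2], empty_env);          /* child gets an empty environment */
    return 1;
}
```

The real-uid check only enforces the "executable only by www-data" requirement in code; installing the binary with a mode and group that keep other users from running it at all covers the same requirement at the filesystem level.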