Skrevet av Emne: Private Perl modules in CGI scripts on Hermes/Hercules  (Lest 4334 ganger)

ATC

  • Gjest
Private Perl modules in CGI scripts on Hermes/Hercules
« på: 27. ſeptember 2008, 18:24 pm »
  • [applaud]0
  • [smite]0
  • Since users don't have direct access to Hercules, our primary web server, Perl modules written by the user can not be accessed by Apache directly. This is an inconvenience, but it also means untrusted code can't be executed on the web server without the administrator's consent.

    This article describes the steps that must be taken by the administrator in order for such modules to be installed in a way that allows further modification by the user.



    ATC

    • Gjest
    [Solved] Private Perl modules in CGI scripts on Hermes/Hercules
    « Svar #1 på: 27. ſeptember 2008, 18:24 pm »
  • [applaud]0
  • [smite]0
  • 1. Think of a unique, descriptive "modulegroup" name for the module or collection of modules. A project name of some sort is usually a good idea. The user will refer to his files as "modulegroup::filename". Make sure you talk to the user and agree over this name.

    2. Create a directory in his/her home directory, with user/group ownership that permits the user to create/edit files as needed, and allows the group read/execute permissions. Don't forget to set privilege flags "g+s" and "+x" on the directory.

    3. Create the same group on Hercules, and grant user "nobody" membership of that group.

    4. Create a directory symlink on Hercules:
    "cd /usr/lib/perl5/site_perl/5.6.0/"
    "ln -s modulegroup /home/httpd/html/user/username/directory"

    5. Create a directory symlink on Hermes:
    "cd /usr/lib/perl5/site_perl/5.005/"
    "ln -s modulegroup /home/httpd/html/user/username/directory"