Date: Sat, 9 Jun 2001 01:03:54 -0400 From: "Jim Flowers" <jflowers@ezo.net> To: <freebsd-questions@freebsd.org> Subject: Netsaint External Commands Message-ID: <013d01c0f0a1$95b5e2a0$22b197ce@ezo.net>
next in thread | raw e-mail | index | archive | help
The Netsaint instructions to enable the use of external commands won't work with FreeBSD due to the use of sgid on the rw directory to enable appending to the netsaint.cmd pipe <FIFO>. The docs say that the sgid bit is ignored on directories and it sure doesn't work. The idea is that the web server runs as user nobody, and user nobody is listed in the /etc/group file as a member of the nscmd group. Both the rw directory and the netsaint.cmd pipe or owned by user netscape with group nscmd so the cmd.cgi script should be able to open the pipe for writing. Not so. Ignoring the sgid bit and by trial and error, the directory must have o+x and the file must have o+rw permissions or nothing happens. The cgi script just refuses to open the pipe. [ fopen(command_file,"w+") ] I can understand the directory x bit having to be set or the calling program wouldn't be able to find the file. I don't understand why the group permissions don't allow the append. Shouldn't this work because 'nobody' is a member of the nscmd group? Rather than leave things this way, I set g+x on the directory, the pipe is created by Netsaint with g+rw and changed the group on the cmd.cgi program to nscmd with the sgid bit set. Does this make sense and does it represent a security problem? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013d01c0f0a1$95b5e2a0$22b197ce>