CS43 Journal

Maintained by Abby Ge.

If you don't find something you are looking for or you have something that should be posted send me email.

5/9

attempt to configure Apache on acl1 with suexec turned on

find out AddHandler cgi-script cgi is essential

can't find the source code in the rpm package; turn to *.tar.gz

5/10

grapple with suexec

5/11

success with suexec; find problems I had were very interesting:

• --suexec-caller=nobody, otherwise www is assumed
• --suexec-userdir=acl1, the same value as the userdir in httpd.conf
• --suexec-docroot=/clients/users, the root directory of all cgi scripts
• the real fun: the default group id for users on linux is set to 100, while users on freeBSD is 115. This causes a mismatch of the target group and the program group. Fix: change users to 115 on /etc/group on acl1.

question: will it be easier/safer to use setuid in the cgi script itself?

5/12

tinker with setuid to run scripts as root or other users. Findings:

• unpriviledged users can't setuid to others, including root
• after root setuid to others, it loses its identity permanently

5/15

set up the 3-frame frontpage, structure the interface, start working on the plan form and script

look into the bizzare behavior of the vacation manpage under linux

5/16

configure apache to run as root on acl1. Incomplete documentation. Need to change apaci manually.

5/17

finish plan form and script

5/20

clean up:

• plan.cgi - switch from static HTML to dynamic HTML
• vacation.cgi - confusion, .forward shouldn't be a premise as to whether the vacation service can be offered
• forward.cgi - was working, some general corrections like the username shouldn't be kamoned
• quota.cgi - how to display quota and disk usage was, and still is, blank
• password.cgi - the actual password changing function was, and still is, in the debugging stage; crack utility was/is not applied
• CONFIG.pm - I used an older version of CONFIG.pm to ensure a functional copy of &parse_form and had to do a little debugging (SOC_STREAM -> SOCK_STREAM, return (1, $messages) -> return (1)) for &pop_auth

kept a list of sticky points (bugs.txt)

5/21

set up an experimental environment on acl2

study Charlie's wrap.c

don't know how to wire up the wrapper and the apache server, thinking modifying the source code of suexec would eliminate the linking problem.

Realize we DON'T want to run every cgi script as root, pull back to Charlie's code.

Sovle the problem of passing the program name through HTML, the thing works