Gossamer Forum

Dbman setuid???

I'm trying to develop a dbman application on my ISP's web server with a zillion other shell-account users. I'd like to make it run setuid, just to keep the database file from being publicly-readable and writable. (It's Apache 1.3.9 on Linux.) Anyway, the standard setuid C wrapper approach works for most other apps. I've got it to start (by renaming db.cgi to db.pl, the wrapper as db.cgi, and changing parse_form to read from $ENV{'QUERY_STRING'}) but I run into one "insecure dependency" after another. I think the search function might also break because it relies on METHOD=GET in parse_form.

Has anyone done this successfully? I don't mind making major changes to the code.
--
stetzer

Re: Dbman setuid???
Are you able to use an .htaccess file on your server which would prevent others from viewing the files within your directory?

You will find ideas for this in the FAQ noted below under "Admin".

Hope this helps

Unofficial DBMan FAQ
http://webmagic.hypermart.net/dbman/
Re: Dbman setuid???
The dbman authorization works fine as far as security from the Web side goes...what I'm concerned
about is security from the other shell account users on the Linux box...htaccess doesn't help there...

The web server runs as "nobody" so all the files that are read/written by CGI programs (eg my
database) must be public read/write to all the shell account users on the box.
--
Stetzer
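
Added example, not part of the thread and not DBMan code: when a script runs behind a setuid wrapper, Perl turns on taint mode by itself because the real and effective user IDs differ, and "insecure dependency" errors appear wherever request data reaches a file write or a command. The sketch below shows the usual remedy of matching each form value against a whitelist pattern and using only the captured text. The field names, patterns, helper names and data path are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not DBMan code. %ALLOWED, untaint(), parse_query() and
# $DATA_DIR are hypothetical names; run with "perl -T" or as ./script.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode rejects an inherited environment for anything that runs a command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $DATA_DIR = '/home/user/dbman-data';    # placeholder path, directory mode 0700

# One whitelist pattern per expected field (constructed for this example).
my %ALLOWED = (
    db  => qr/\A([A-Za-z0-9_]{1,32})\z/,
    uid => qr/\A([A-Za-z0-9_.]{1,64})\z/,
);

# Return the captured, untainted text, or undef when the value does not match.
sub untaint {
    my ($field, $value) = @_;
    my $re = $ALLOWED{$field} or return undef;
    return $value =~ $re ? $1 : undef;
}

# Decode a query string; keep only known fields whose values pass the whitelist.
sub parse_query {
    my ($qs) = @_;
    my %in;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr hex $1/ge }
        my $clean = untaint($k, $v);
        $in{$k} = $clean if defined $clean;
    }
    return %in;
}

# Constructed sample used when no CGI request is present; uid is rejected.
my $qs = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : 'db=default&uid=../x';
my %in = parse_query($qs);
if (defined $in{db}) {
    my $file = "$DATA_DIR/$in{db}.db";    # built only from untainted parts
    printf "file=%s tainted=%d\n", $file, tainted($file) ? 1 : 0;
}
```

With the wrapper owning the process, the data directory and database file can then be restricted to the account owner instead of being world read/write for the "nobody" user.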