[sf-perl] How to get cgi program to invoke another program as a specific non-privileged user

Ray Baxter ray at warmroom.com
Sat May 19 15:59:47 PDT 2007


David Alban wrote:
> Any suggestions on how to accomplish this without making the build
> tool setuid?  

1) Have the cgi touch a file.

2) Have the build script user run a cron job every few minutes. Check to 
see if the sentinel file exists and that there is not a build in 
process, then delete the file and start the build.

Elaborations on this idea: put the e-mail or other user id in the 
sentinel file. Check to see if that user has permission to request a 
build if that makes sense. Send them e-mail when the build is completed. 
Allow for the possibility that two users will have requested a build 
since the last build.

Ray





More information about the SanFrancisco-pm mailing list