[pmwiki-users] adding cookbook script
Patrick R. Michaud
pmichaud at pobox.com
Sun Feb 24 15:57:05 CST 2008
On Sun, Feb 24, 2008 at 07:27:11PM +0100, jdd wrote:
> Patrick R. Michaud a écrit :
> > The problem with using a web-based interface to install cookbook
> > recipes automatically is that it requires write permission to
> > the cookbook/ directory. That's a security risk we haven't
> > wanted to take yet.
> > This is especially an issue since basically anyone can upload
> > recipes to the Cookbook.
> I think of a one shot interface, at install time, when all the
> permission are already open.
...except that the permissions to cookbook/ _aren't_ open,
even at install time.
> It should be already a good improvement
> if interface use need ssh access and folder permission change beforehand.
> could even be a sh script, to be done by the admin, not an online
> administration tools.
- not everyone is using unix
- not everyone using unix has command-line access
> such online tools should be nice (ala webmin, or phpmyadmin), but all
> an other thing
As I understand it, webmin works because it is "setuid root" -- i.e.,
when it runs on the webserver it has root privileges. I doubt that
many system administrators would allow PmWiki or its scripts to
run as root. I certainly wouldn't.
Phpmyadmin is similar, except it has privileged access to the mysql
server as opposed to the operating system.
So, webmin and phpmyadmin are "special", in that installing them
generally requires someone with root access to begin with -- it's
not something the average user is able to do.
More information about the pmwiki-users