
In Using Unix Groups For TWiki Security I describe, well, Using Unix Groups For TWiki Security.

Different Security Levels In Same TWiki Installation and Multiple Separate TWiki Installations For Security describe schemes for Using Unix Groups For TWiki Security.

I have encountered one problem:

I am a fairly ordinary user at the company site where I am installing this wiki. I can run cgi scripts, but I don't have root (and don't want it - I could get it if necessary, but then they might expect me to do more sysadmin).

The Apache webserver runs as user=www, group=www. This would be fine for Using Unix Groups For TWiki Security.

Except... user=www was placed in an additional UNIX group that almost all users are in. This is using the BSD-like supplementary groups system. Let's call it group "global".

And, problem, I want all of the files to be readable by members of group global. I do not want to have to create a group which is "everyone in group global, except for the webserver www".

You would think that I could use setgroups to "drop the group global from the supplementary group list" - but on Linux and SunOS, at least, I cannot do that unless running as root. I could write some setuid root scripts to do this, but the old secure system administrator in me objects to that.

If I had filesystem ACLs I could accomplish this...

But, basically, the problem is that my webserver has been given too much privilege, undoubtedly to make some naive cgi script easier to run, and as a result I cannot make it sufficiently unprivileged to be as secure as I would like it to be.

Advice appreciated, if there's a standard UNIX solution to this that I do not see.

-- AndyGlew - 15 Apr 2003
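The following C program is an added example, not part of AndyGlew's post and not TWiki code. It does what the post says it wants: read the process's supplementary group list with getgroups(2), remove one gid from it, and install the shorter list with setgroups(2). On Linux, setgroups(2) requires CAP_SETGID even when the new list is a strict subset of the old one, so run as an ordinary user (or as the www user without root) it fails with EPERM, which is exactly the obstacle the post describes. The numeric gid passed on the command line is whatever group stands in for "global" on your system; the gids used in the comments are assumptions.

```c
/* drop_group.c - try to remove one supplementary group from the current
 * process, as a CGI wrapper would want to do with group "global".
 * Added example; not from the original TWiki post. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy every gid in `in` except `drop` into `out`; returns the number kept.
 * Pure function, so it can be checked without any privilege. */
int filter_groups(const gid_t *in, int n, gid_t drop, gid_t *out)
{
    int kept = 0;
    for (int i = 0; i < n; i++)
        if (in[i] != drop)
            out[kept++] = in[i];
    return kept;
}

/* Returns 1 if `g` is in this process's supplementary list, 0 if not,
 * -1 (errno set) if getgroups(2) fails. */
int has_supplementary_group(gid_t g)
{
    int n = getgroups(0, NULL);
    if (n < 0)
        return -1;
    gid_t *cur = calloc((size_t)n + 1, sizeof *cur);
    if (cur == NULL)
        return -1;
    n = getgroups(n, cur);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (cur[i] == g)
            found = 1;
    free(cur);
    return n < 0 ? -1 : found;
}

/* Try to remove `drop` from the supplementary group list.
 * Returns 0 on success or -errno on failure. Unprivileged callers get
 * -EPERM on Linux: setgroups(2) needs CAP_SETGID regardless of whether
 * the new list only shrinks the old one. */
int drop_supplementary_group(gid_t drop)
{
    int n = getgroups(0, NULL);
    if (n < 0)
        return -errno;
    gid_t *cur = calloc((size_t)n + 1, sizeof *cur);
    gid_t *next = calloc((size_t)n + 1, sizeof *next);
    if (cur == NULL || next == NULL) {
        free(cur);
        free(next);
        return -ENOMEM;
    }
    n = getgroups(n, cur);
    if (n < 0) {
        int e = errno;
        free(cur);
        free(next);
        return -e;
    }
    int m = filter_groups(cur, n, drop, next);
    int rc = setgroups((size_t)m, next) == 0 ? 0 : -errno;
    free(cur);
    free(next);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <gid-to-drop>\n", argv[0]);
        return 2;
    }
    gid_t drop = (gid_t)strtoul(argv[1], NULL, 10); /* e.g. the gid of "global" */
    int r = drop_supplementary_group(drop);
    if (r == 0) {
        printf("dropped gid %lu; now member: %d\n",
               (unsigned long)drop, has_supplementary_group(drop));
        return 0;
    }
    fprintf(stderr, "setgroups failed: %s\n", strerror(-r));
    return 1;
}
```

Build with `cc drop_group.c -o drop_group`; find the gid to drop with `id -nG www` or `getent group global`, then run `./drop_group <gid>` as the unprivileged user. The EPERM it prints is the kernel enforcing what the post observed: a process cannot shed a supplementary group without CAP_SETGID, so the only ways out are a privileged wrapper, changing how the webserver's groups are assigned, or filesystem ACLs.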

Topic revision: r3 - 2004-01-01 - SvenDowideit
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.