6.7. user

[<<<] [>>>]

user "www-data"

This key specifies the user that the Eszter SB Application Engine uses to execute. This key has effect only under UNIX and is ignored under Windows NT.

When the Eszter SB Application Engine has performed the initialization tasks it calls the system function setuid to change the effective user. After this point all BASIC programs are going to be executed in the security context of the named user.

The name of the user for this operation has to be specified in this configuration key.

If the configuration key is missing the Eszter SB Application Engine will be executing in the context of the original user.

It is recommended that you specify this user and install the Eszter SB Application Engine owned by root and with the setuid bit set. This way you can secure the panic log file, which is opened as root. The other log files, however can not be secured this way as they are closed and reopened time to time by the engine.

To ensure that the engine really runs in the context of the specified user I performed the following test:

# chown root:root /home/verhas/scribas/echo.bas 
# chmod 700 /home/verhas/scribas/echo.bas
# touch /home/verhas/scribas/echo.bas
# sbhttpd

# cat /var/log/scriba/err.log 2001.09.09 08:38:09 /home/verhas/scribas/echo.bas(0): error &H42:The file can not be read. # chown www-data:www-data /home/verhas/scribas/echo.bas # sbhttpd

After starting the engine (from hand sbhttpd) I used my browser to invoke the script `echo.bas'. I simply pressed control C to stop it. The command touch is necessary otherwise the already executed script is not read, but executed from the compiled version from the cache directory.

[<<<] [>>>]