This would be sub-functions of an online File Manager... I would check with Del on this as he has laid much groundwork in this area... Perhaps you 2 could colaborate?

Think template driven, with hooks for easy expansion... http://www.aota.net/ubb/smile.gif I have been kicking around the idea myself and doing it with PHP3, but some user/group switching has gotten in the way to where it would need to be CGI driven... http://www.aota.net/ubb/frown.gif

The biggest stumbling block will be writing it for centralized core access, yet switching user/group id on the fly without causing security problems... It's not pretty, but is doable...

Both PHP3 and mod_perl have this limitation, and it's not easy to get around it... mod_perl I'm S.O.L, but PHP3 can happen - yet very inefficient...

With everyone's paranoia about security nowadays, writing programs like this is extremly difficult, and is only going to get worse...
The only 3 choices are to:
1) run the script suid root (Never Good!)
2) run the script via an uid/gid switching mechanism (expensive overhead)
3) provide everyone with their own instance of the program within their CGI tree (inefficient, and makes maintenance impossible)

I can say that it took me over 2 months to write the CNC EMail_MGR module... It was a definite crash course in all the things you *can't* do and was a rude awakening to all the contortions required to create core level script functionality... http://www.aota.net/ubb/frown.gif

--
Terra
--Who do you want to be today?--
FutureQuest

Templates are easy enough... I'd like to hear what Del has so far. I was thinking of making it just a no interface script that does the dirty work, creating the .htaccess file and making the entries, etc, where you could just "plug it in" to CNC or another web interface and pass parameters to it.

I'm not very up on UID's, but wouldn't the script automatically run as the person - oh, shoot, I see. It would run under the ID of the installer, not the user - so making it like how normal scripts are run wouldn't work unless you installed a separate one for each... not a good idea. Hm, I hate when I'm thinking as I type... couldn't the script run under the user's UID once they've logged on via basic authentication? Isn't that info stored in an environment variable anyway???

Ok, I've got to quit thinking aloud. This is one area I really can't experiment with locally because Windows knows no such thing as UID's and file permissions... it just writes to any file you tell it to - even if it's nowhere near the www directories. I could write a script to edit my autoexec.bat file if I wanted to - and that sux http://www.aota.net/ubb/frown.gif

Back to the drawing board...

-----------
Justin
-- Why do kamikaze pilots wear helmets? --

------------------
Justin Nelson, SFE Software
www.vdj.net (http://www.vdj.net)

Ok, I got bored for about 2 seconds and came up with another project idea. How about a web based .htaccess file creator / editor thingus (for lack of a better explanation)? Want a custom 404 page? Click here. Want directory indexing off? Click Here. Want password protected directories? Click Here.

And so on. Any thoughts? I'm starting on it now, and I'm gonna make it anyway 'cause I'm kinda bored right now, but I'd appreciate any input. Maybe it could do more, too. Who knows. But I'm thinking total plug 'n' play here - no editing required. Just upload and set all paths, etc, from the web.

Justin