From david@cs.dal.caWed Feb  7 14:24:29 1996
Date: Wed, 7 Feb 1996 11:28:15 -0400
From: David Trueman 
To: CCN Technical Committee 
Subject: partial security model

We should at some point write a document explaining the security model 
employd by CSuite.  The following is a first contribution toward one aspect:

	httpd runs as user http and group http

	private data is stored in directories accessable by http (user or
	  group) but with a .htaccess file and without world read capability

	various CGI programs (run as http) access private data, but the 
	  program itself takes responsibility to ensure that users can 
	  only access the subset of private data that they have a need and
	  right to know (using REMOTE_HOST and REMOTE_IDENT -- right now
	  REMOTE_IDENT is only trusted on the localhost)

	utility programs stored in lib directories may not individually check
	  for access authority, but they are only called from carefully
	  written CGI programs and they only have access when called by
	  http or root

As a corrollary, I have deleted cgi-lib from the httpd configuration as a 
CGI directory and will delete cgi-rlib as soon as I can be sure I won't 
break too much.

  David Trueman,
    Systems Manager, Dalhousie Math, Stats and Computing Science
    Co-Chair, Metro*CAN Society running Chebucto Community Net