Template system question - for lack of better name

Anon

I've been tasked with the job of finding a way to let people update their appropriate department's web page w/o having to go through me.

One way of doing this would be to let everyone have their own accounts on the machine and let them go to work. I'm not really for this idea. One, many people don't know what they're doing, and two, I'd like to keep the the web structure sane and organized w/o everyone else tainting it. FTP is out too as we're not running it on the machine and don't plan to.

Another way might be to create some sort of system where people could edit their files online through the use of a form. I've already got a template system in place and would basically be feeding it an included file. This would have to be done by allowing whatever user httpd runs as to write to files on the server. I'm currently doing this for some individual file upload directories, but it's a little discomforting to allow every departments webpage to be written to by whoever httpd runs as (nobody).

Another variation on the above option is to store all the info in a db.

The bottom line is (according to the higher ups), people need to update their pages with little or no interaction with me (the owner of the intranet), but being the owner, I don't want them screwing up my structure and format. Something about too many cooks in the kitchen...

Any ideas/suggestions?

Anon

PHP as CGI might work. I have never tried it but I read that you can use the CGI version to allow certain processes to be executed as another user on the system. Obviously there are some security issues around this as well, but it might be something to look into. You could then set up departmental accounts and be able to let those departmental users "own" the files they create or edit.

Other users might have a better idea of the good/bad about trying this.

Another "silly" idea would be to set aside a particular section of the site for "creation or edits" which then puts entries into a DB or text file as to where the file should go, who owns it, etc. You could then set up a cron job to read that file/DB and make the appropriate updates. Just an idea off the top of my head.

If you find a good way to do this I wouldn't mind hearing about it, I have a few projects that I would like to handle in a similar way and hate the "nobody" user having to own all the files.

Tim Frank

Anon

Hey Tim, it's been a while, but I think I came up with a process that's going to work. To let users modify their pages, I'm going them DAV access with the apache mod_dav module - which works like a charm!

And for the template system, I'm moving to SSI's (with exec turned off). The cool thing is that I can have a page that is PHP parsed included by just using the SSI include.

I'm sure there's a little overhead with this, but I don't see it bogging down our intranet server.

Anon

Dennis,

Glad to hear you came up with something that works. I have a couple questions for you though, if you don't mind answering.

I very briefly looked at mod_dav and installed it on our test server for one of our student employees to try. I looked at it just to get it installed, have never actually used it myself.

How are you handling the security for it? I remember that all the directories had to be rw by the httpd user (nobody). How do you handle multiple users so they don't/can't modify files for other users?

Do you use the mod_dav with Windows... what I mean is are the people developing on windows and using those "Web Folders" that you can set up? If so, how are they working for you? I remember the student was having some problems with loading or saving files with that method.

I know I will have to look into some of this myself, but I was just hoping you could give me some insight from a working system.

Thanks a bunch for the feedback (you don't often get that once you help somebody), and for any further info you can provide.

You can email me directly if you wish.

Tim Frank