Just an unsorted list of things to think about.
uwiki requests/actions are stateless, meaning the server never needs to store any volatile state information.
We may need to add some short-lived locks (_lock metatype) to prevent race conditions on concurrent requests.
If a file is edited by 2 persons at the same time, the one who saves it last might cause a conflict, and the file should be sent back to him for re-editing/resolving the conflict. This can only be done if the request contains some identifier of the file version the edit was originally based upon.
Use assert() everywhere instead of log_level_func.. and override Lua's assert with a custom cgilua handler.
Extend the lua toplevel (lua.c) to allow --chroot and --user options with the following semantics:
Retain normal semantics if neither of the options is supplied and the program is not suid root.
If --chroot is given, the program must have the permission to chroot, else abort. Check that the chroot dir exists.
If --user is given, then the program must have permission to suid to the desired user; the user is picked from the root environment, not from the chroot environment.
If the program is suid root, then refuse --user root when the caller is not root.
If the program is suid root, then check that the script is not writeable by anyone except root (or the destination user?).
Prepare the chroot dir, but don't populate it; the admin shall install the distribution (or just binaries) of his choice there. Supply a script which removes all suid flags from binaries inside, since a suid-root binary can break out of a chroot.
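One way the --chroot/--user rules above could be checked and applied in order, as an added example that is not code from uwiki or from lua.c. The function names target_allowed, script_trusted and enter_jail are hypothetical, accepting a script owned by the destination user is an assumption (the notes leave that open), and clearing supplementary groups with setgroups(0, NULL) is a choice made here.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: declare chroot(), setgroups() */
#endif
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* A suid-root binary must not let a non-root caller select --user root. */
int target_allowed(uid_t ruid, uid_t euid, uid_t target)
{
    int suid_root = (euid == 0 && ruid != 0);
    return !(suid_root && target == 0);
}

/* Script must be a regular file, owned by root or the destination user
 * (assumption: the notes leave this open), not group/other writable.
 * fstat() on the open descriptor avoids a check-then-open race. */
int script_trusted(const char *path, uid_t dest)
{
    struct stat st;
    int ok, fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
         && (st.st_uid == 0 || st.st_uid == dest)
         && !(st.st_mode & (S_IWGRP | S_IWOTH));
    close(fd);
    return ok;
}

/* Either argument may be NULL. Returns 0 on success, -1 to abort. */
int enter_jail(const char *root, const char *user)
{
    struct stat st;
    struct passwd *pw = user ? getpwnam(user) : NULL; /* before chroot() */
    if (user && (!pw || !target_allowed(getuid(), geteuid(), pw->pw_uid)))
        return -1;
    if (root && (stat(root, &st) != 0 || !S_ISDIR(st.st_mode)
                 || chroot(root) != 0 || chdir("/") != 0))
        return -1;
    if (pw && (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0
               || setuid(pw->pw_uid) != 0))
        return -1;
    if (pw && pw->pw_uid != 0 && setuid(0) == 0)
        return -1;                    /* root must not be regainable */
    return 0;
}
```

The user lookup happens before chroot() so the passwd entry comes from the root environment, and the group IDs are dropped before the user ID because setgid() would no longer be permitted afterwards.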