Re: Shadow passwords and GNU su
On Tue, 10 Dec 1996, Marek Michalkiewicz wrote:
marekm >Are you sure about web servers? I thought they use their own
marekm >authentication databases... I'd rather not run any web server
marekm >as root, or even as group "shadow" (a simple misconfiguration
marekm >can compromise the shadow password file).
The authentication databases are compatible with /etc/passwd. We use our
/etc/passwd for authentication for webpages which have restricted access.
We do not run servers as root. The authentication is only for access to
marekm >This _was_ a long list, but most of the work is already done...
I have seen some of it.
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com