Re: Where to install a program called by an Apache module?
On Fri, Nov 02, 2001 at 03:47:12PM -0900, Ethan Benson wrote:
> On Sat, Nov 03, 2001 at 01:31:13AM +0100, Marcin Owsiany wrote:
> > Hi!
> > I'm packaging mod_auth_shadow. It uses a setuid binary to be able to
> > read /etc/shadow. Upstream installs it in /usr/sbin, but I don't think
> just a sidenote, but it should be setgid shadow on debian, instead of
> setuid root.
Right. Then it won't be possible to limit execution to Apache by doing
chgrp www-data and chmod o-x, but I guess it's worth it.
Marcin Owsiany <firstname.lastname@example.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216