[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Where to install a program called by an Apache module?

On Fri, Nov 02, 2001 at 03:47:12PM -0900, Ethan Benson wrote:
> On Sat, Nov 03, 2001 at 01:31:13AM +0100, Marcin Owsiany wrote:
> > Hi!
> > 
> > I'm packaging mod_auth_shadow. It uses a setuid binary to be able to
> > read /etc/shadow. Upstream installs it in /usr/sbin, but I don't think
> just a sidenote, but it should be setgid shadow on debian, instead of
> setuid root.  

Right. Then it won't be possible to limit execution to Apache by doing
chgrp www-data and chmod o-x, but I guess it's worth it.

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to: