
Re: Bug#485562: twiki: configure script access badly protected



On Saturday, 28 June 2008 at 08:37 +0100, Justin B Rye wrote:
> Olivier Berger wrote:
> > *Should be "apache" in all three.*
> > 
> > By "apache user", I mean something which relates to Require user in the
> > apache.conf section of the 'configure' script... of course, this assumes
> > that it's running apache and no other web server ;)
> > 
> > In any case, that's meant to differentiate from "TWiki users", which are
> > managed "inside twiki".
> 
> I'm still not quite convinced by the expression "apache user", but I
> can't decide what alternative I'd suggest.
> 
> The trouble with "apache user" is that it might mean the local
> system's www-data, or maybe the owner of the computer, rather than
> a browser-user authenticated via mod_auth_basic...
> 

I agree it's ambiguous... but a default value is provided... and the
administrator of TWiki who installs it will only need to provide this
user again if/when he/she accesses the configure script's URL. At this
time, the hope is he/she will have read the README.Debian, and will
understand better what that admin-user was... so we're reasonably safe
here... and even if www-data was provided here in place of the default
value, I guess it wouldn't hurt either.

I'm preparing addons to the README.Debian to clarify all this a bit
anyway, for the NMU.

Thanks for the comments.
-- 
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)

